JFrog - Q3 2023

Transcript

Operator (participant)

Ladies and gentlemen, thank you for joining us, and welcome to JFrog's third quarter 2023 earnings conference call. I'll hand the conference over today to Shanti Ariker, Chief Legal Officer. Shanti, please go ahead.

Shanti Ariker (Chief Legal Officer)

Good afternoon, and thank you for joining us as we review JFrog's third quarter 2023 financial results, which were announced following market close today via a press release. Leading the call today will be JFrog's CEO and co-founder, Shlomi Ben Haim, and Jacob Shulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements relating to our future financial performance, including our outlook for Q4 and the full year of 2023. The words anticipate, believe, continue, estimate, expend, intend, will, and similar expressions are intended to identify forward-looking statements or similar indications of future expectations.

You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from these expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website and the earnings press release issued earlier today.

Additional information will be made available in our Form 10-Q for the quarter ended September 30, 2023, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog's performance, should be considered in addition to, not as a substitute for or in isolation from, GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog CEO, Shlomi Ben Haim. Shlomi?

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Thank you, Shanti, for the introduction, and thanks for stepping in today as we send warm wishes for fast return to health for Jeff Schreiner, our VP of Investor Relations. Greetings from Israel. Good afternoon, everyone, and thank you for joining us. On Saturday, October seventh, the nation of Israel awoke to a brutal terrorist attack targeting its civilian population. This tragic event resulted in the loss of innocent lives, including children, women, and the elderly. This heartbreaking incident escalated rapidly into an expanded war against the terrorist organization, Hamas. A few hours into the situation, JFrog, as a global company with a presence in 10 different countries, activated its Business Continuity Plan comprising three pillars. First, our internal plan to ensure the safety of our employees in Israel and maintaining communication channels. Second is a technology pillar to ensure continuity of our services, security, cyber defense, and R&D.

Finally, we activated the plan for external-facing activities to ensure continuity of our customers' engagement, support, and external communication. I'm pleased to report that our operations are running smoothly and our employees are safe and accounted for. Notably, the conflict in Israel has not prompted us to change our fiscal year 2023 business goals that were previously shared with you. We are closely monitoring the situation, but remain confident that the company will meet these targets. We extend our heartfelt condolences to the families who have tragically lost their loved ones. Our thoughts and prayers are with them during this incredibly difficult time. We pray for the safe and fast return of the hostages who have been kidnapped by Hamas, and we hope for the complete recovery of the thousands of individuals who have been injured. With that, I will move to the business.

I'm pleased to report that JFrog's third quarter revenue again exceeded our prior guidance, driven by increased cloud consumption, broader adoption of our security solution, and growing enterprise-scale adoption of the JFrog Software Supply Chain Platform. Our third quarter revenue was $88.6 million, reflecting 23% year-over-year growth. Cloud usage accelerated in Q3, delivering revenue of $30.6 million, increasing 46% year-over-year. We also exceeded our profitability guidance with a non-GAAP profit of $16.6 million, generating $25.4 million in free cash flow. Customers with ARR over $100,000 grew to 848, compared to 696 in the year ago period, increasing 22% year-over-year.

Customers with ARR over $1 million increased by 6 companies in the quarter to a total of 30, versus having 18 customers over $1 million in Q3 of last year. This is up 67% compared to the year-ago period. These results reflect the critical importance of the full JFrog software supply chain platform for software development infrastructure, with our three pillars of DevOps, security, and IoT driving strategic customer value. Now, I would like to expand on what made Q3 a strong quarter for JFrog, as our investments continue to bear fruit in accordance with the long-term plans we shared with you at the beginning of the year. First, we continue to see growth in large-scale enterprise adoption of our complete software supply chain platform.

Next, our comprehensive integrated software supply chain security and the adoption of our built-in end-to-end technology versus built-on legacy point solution scanners. Third, our cloud growth and marketplace channels, driven by our strategic sales team and through our cloud partnerships. And finally, JFrog's expansion into machine learning operations and AI solutions. I'll start with the growth in large-scale enterprise platform adoption. With increasing demands for delivering speed and the need for scalability and regulatory compliance, we are seeing more of our enterprise customers consolidating tools into a comprehensive platform. As an example, one of the largest telecommunication providers in the United States, with millions of global users, migrated away from a competitive self-hosted solution to the JFrog Platform in Q3 with an eight-figure, multi-year new business deal to standardize their operation and modernize their DevOps and DevSecOps practices in the cloud.

They selected the JFrog Platform's end-to-end capabilities, allowing them to build faster using JFrog Artifactory as a single source of record with high availability and efficient redundancy across their entire software development lifecycle. They further noted a need to deliver more robust policy management capabilities at scale and bring comprehensive security to their complete pipeline processes. We look forward to partnering with these customers to achieve their goals of on-prem to cloud migration, developer experience upgrades, high availability, universal binary management, and a comprehensive software supply chain security implementation. This use case reflects a growing trend of enterprise-wide adoption of the JFrog Platform and long-term standardization on JFrog's DevSecOps technologies.

At our recent user conference, SwampUp, customer speakers from global companies such as Fidelity, Netflix, Capital One, and eBay, just to name a few, all reflected a common trend: a single source of record of your software supply chain required complete management and control of binaries. A platform that is binary-centric from end to end is the only way to automate and secure with speed. On that note, I would like to address adoption of our holistic security solutions and the customer trend of tooling consolidation. It's a fact that the software supply chain flow is the flow of binaries, meaning true security can only be achieved with complete control of both binary release cycle as well as binary contents, dependencies, and metadata. JFrog continues to deliver security solutions into the market that are aligned with new attack threats and consolidations of point solution under one vendor.

For example, JFrog Curation, released in July and keynoted at our SwampUp conference, addresses the real pain of the enterprise around the secure consumption of open source technologies coming from public repositories. In addition, the new release of JFrog Catalog provides a listing of over four million third-party software packages stored in public repositories, solidifying JFrog as a single source of truth for the holistic, secure management of software packages. While companies' blind spot may be the security of open source and third-party packages, binaries are also built by in-house developers writing first-party code. To achieve end-to-end security coverage, JFrog is taking the security of software releases a step further to the left with the general availability of code scanning capabilities, often known as static application security testing, or SAST.

With these announcements in Q3, JFrog is the first solution in the industry to deliver end-to-end software supply chain security, providing customers complete coverage from code to production. JFrog Code Scanning with the new SAST solution protects first-party code. JFrog Curation protects companies from unwanted third-party packages from entering their organizations. JFrog Catalog provides metadata and augmented information about the company's binaries. Together with JFrog Xray and Advanced Security for secret detection and contextual analysis, JFrog is the only company that delivers complete security solution with a binary-centric approach. Combined with Artifactory, the leading binary repository, JFrog provides a complete DevSecOps solution for your software supply chain. This end-to-end security approach continues to gain traction across verticals. For example, one of the world's largest biotech companies recently adopted our entire security offering on the JFrog platform.

Looking to consolidate point solutions, they saw the value of having software supply chain security integrated with their binary management system. We look forward to helping them address their software supply chain security needs holistically, as they tell us they intend to migrate away from point solutions such as Mend in their tool stack. In another highly regulated industry, a nuclear security group within the United States Department of Energy recently acquired the JFrog Platform to improve their software supply chain security posture. One of the cybersecurity specialists in the Nevada National Security Site team, Brian Womack, noted, "A software supply chain platform is necessary for a practical means to meet certain governmental and standards requirements. More importantly, security at all stages of a software development lifecycle is necessary for national security interest.

Our response is, JFrog does that." Next, I would like to address growth in cloud adoption, marketplace channel growth, and our strategic sales motions. The expansion in the number of our over $1 million ARR customers this quarter demonstrates the continuing focus of our strategic sales team on driving large-scale software supply chain platform implementation with the key partnership of the major cloud providers. For example, one of the world's largest cloud computing and virtualization technology companies came to JFrog looking to implement their DevOps and DevSecOps cloud-first strategy. First looking to host JFrog Platform services themselves in the cloud, they rapidly realized they would greatly lower their total cost of ownership due to the lower maintenance and infrastructure costs that would be saved by utilizing JFrog Cloud Services.

With nearly 3,000 developers, this company is working with JFrog to provide a complete end-to-end platform implementation, which they acquired through the Microsoft Azure marketplace, through our strategic sales and partner teams. We believe our long-term investment in this top-down enterprise sales approach, driven by our strategic team, will continue to provide the North Star for JFrog's top shelf customers growth. Finally, regarding AI and machine learning, we were proud to announce the availability of DevOps and DevSecOps industry-first support for machine learning, model management in the JFrog platform in late Q3. As Katie Norton, senior research analyst for DevOps at IDC, noted in her Swamp Up report, quote, "The ML model management capabilities expand the JFrog platform into an entirely new space and persona.

A single system of record that can help automate ML models development, ongoing management, and security alongside all other components packaged into an application, offers a compelling alternative. Just as we provided common ground for developers and IT engineers years ago when DevOps started, JFrog now has the opportunity to bring the world of AI and MLOps into the world of DevOps and DevSecOps. Just as companies increasingly placed the demand on development teams to support security, they are now pressuring DevOps teams to deliver machine learning and AI capabilities in line with their applications. JFrog now provides a platform for binary management for developers, data scientists, machine learning engineers, and the machine themselves. As keynoted at Swamp Up, JFrog is the first and only repository manager to proxy the most popular public AI and ML model repository, Hugging Face.

We are also the first solution embedding security for ML model to scan models before they are used. Artifactory now natively supports AI models within the JFrog platform to manage and deliver ML capabilities alongside all other binaries within an organization. The AI supply chain is a software supply chain, and we are proud to be addressing this demand on developers. With that, I will turn the call over to our CFO, Jacob Shulman, who will provide an in-depth recap of Q3 financial results, as well as update you on our guidance for Q4 and for fiscal year 2023. Jacob?

Jacob Shulman (CFO)

Thank you, Shlomi, and good afternoon, everyone. During the third quarter, total revenues were $88.6 million, up 23% year-over-year. Our stronger-than-expected revenues in the quarter were driven by continued strength in our cloud business and expansion of large customers on the JFrog Software Supply Chain Platform. In the third quarter of 2023, our cloud business saw sequential expansion in customer usage, equaling revenues of $30.6 million, up 46% year-over-year. We're happy to see the acceleration in our cloud business growth, driven by continued increase in cloud usage and better collaboration with public clouds to enable large customers on their marketplaces. We reiterate our baseline cloud growth rate of mid-40s% during fiscal year 2023. Self-managed revenues or on-prem were $58 million, up 14% year-over-year during the quarter.

We continue to see that our customers' roadmaps and plans are focused on SaaS migration, and therefore they do not expand their on-prem footprint at the same pace as in prior years. We continue to believe that our security solutions can be a potential catalyst to re-accelerate revenue growth and customer expansion within our self-hosted business. Net dollar retention for the four trailing quarters was 119%, a decline of one point sequentially. As predicted, NDR is stabilizing, and we continue to expect our net dollar retention rate for the year to be at these levels. Our gross retention continued to be 97%, with no change in overall customer churn trends. In Q3, 46% of total revenue came from Enterprise Plus subscription, up from 39% in Q3 of 2022. Revenue from Enterprise Plus subscription grew 46% year-over-year.

Now let me discuss our income statement in more detail. Gross profit in the quarter was $74.1 million, representing a gross margin of 83.7%, up by 10 basis points from the second quarter, as economies of scale and cost control offset higher cloud revenue contribution. Operating expenses for the third quarter was $62.3 million, up by $100,000 sequentially, equaling 70.2% of revenues, compared with $59.4 million or 82.5% of revenues in the year ago period. During the third quarter, we continued to remain focused on expense discipline while investing in scaling our enterprise sales and channel partner teams and introducing multiple new products.

Our operating profit in Q3 was $11.9 million or a 13.4% operating margin, compared to an operating income of $1.2 million or 1.7% operating margin in the prior year, as we continue to execute toward increased profitability, as suggested in our long-term model. Third quarter net income equaled $16.6 million or $0.15 per diluted share, based on 110 million diluted shares outstanding, versus a year ago net profit of $1.8 million, or income of $0.02 per diluted share. Turning to the balance sheet and cash flow, we ended the September quarter with $502 million in cash and short-term investments, up from $443 million as of December 31, 2022.

Cash flow from operations was a record $26 million in the quarter. After taking into consideration CapEx, free cash flow was $25.4 million, generating a 28.6% free cash flow margin. Our strong free cash flow margin is driven by better-than-expected profitability and strong collection from our customers. We increased our expectations for free cash flow margin in fiscal 2023 and now believe we'll be able to achieve 15%-16% free cash flow margin. As of September 30, 2023, our remaining performance obligation totaled $235.1 million. Now, I'd like to speak about our guidance for the fourth quarter and full year 2023.

For Q4, we expect revenue to be between $92.5 million-$93.5 million, with non-GAAP operating profit between $10 million-$11 million and non-GAAP earnings per diluted share of $0.12-$0.13, assuming a share count of approximately 111 million shares. For the full year 2023, we anticipate total revenues in the range between $345.1 million and $346.1 million. Non-GAAP operating income is expected to be between $32.8 million and $33.8 million, and non-GAAP earnings per diluted share of $0.44-$0.45, assuming a share count of approximately 109 million shares. Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Shlomi?

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Thank you, Jacob. We believe that Q3's strong results showcased the alignment with our long-term strategic growth plans as we continue to meet technology and business goals. To JFrog's tireless global teams, thank you for your focus, solidarity, passion, and execution. Q3 is a testament to our resilience. I'm excited to welcome Ed Grabscheid as our new CFO beginning January 1, 2024. Ed brings vast experience prior to his time at JFrog and in the past four years as part of our finance leadership. Ed, we are confident that your leadership will continue to drive JFrog's success. From here, I would like to send our CFO, Jacob Shulman, the best of wishes on his next journey. While you will be with us through the end of this year, I'll take the opportunity now to thank you, Jacob, for the years of friendship and partnership.

You will always be a Frog. I would also like to congratulate Orit Goren, who was recently appointed as our Chief Sustainability Officer, highlighting JFrog's commitment to maintaining and driving responsible business. After many years as our Chief Operating Officer, I want to thank you, Orit, for taking on this very important role. In closing, our thoughts and prayers continue to be with the families affected by the brutality of the terror on Israel. Israel, like JFrog, is strong and will prevail. We hope for peaceful and secure days ahead. With that, thank you all for joining us for our Q3 earnings call, and may the Frog be with you. Now, we will be happy to take your questions. Operator?

Operator (participant)

Thank you so much. At this time, I would like to remind everyone that in order to ask a question, press star and the number one on your telephone keypad. Once again, star and the number one.

... And in the interest of time, we ask only one question per caller. Thank you in advance for understanding. And we will take a moment to compile the Q&A roster. Please stand by. Okay, looks like our first caller is from Pinjalim Bora from J.P. Morgan. Go ahead, please.

Noah Herman (VP and Software Research Analyst)

Hey, guys. This is Noah on for Pinjalim, and glad to hear everyone is staying safe. Congrats, Jacob. It's been great working with you and looking forward to working with you as well. Can you maybe just walk us through what you're seeing in terms of the cloud optimization at this point and any other incremental color you could provide on what drove the acceleration of cloud revenue growth? Thanks.

Jacob Shulman (CFO)

Yes, hi, Noah. So the trend that we see in Q3 continues the positive momentum on cloud usage. As you can see, our revenues accelerated, driven primarily by usage of our large customers and growth of our large customers and marketplaces, so that's very positive. We continue to see that migrations, while accelerated a bit from prior quarter, are still below prior year levels. And the overall adoption of our enterprise plus platform solution on marketplaces continue to drive and our cloud revenues, and that's the reason for acceleration in the cloud in the quarter.

Operator (participant)

Okay, thank you so much. Next, we have a question from Koji Ikeda, BofA Securities. Koji, go ahead.

Koji Ikeda (Director in Enterprise Software Equity Research)

Yeah. Hi, thank you. Thanks for taking the questions. Just wanted to follow up on the cloud growth, you know, the strong growth there. And Jacob, you just mentioned the migrations, but earlier in your prepared remarks, you were also talking about Advanced Security and its availability within the self-managed portion that could help re-accelerate that segment of the revenue mix. And so just trying to think of the puts and takes here, you know, thinking out into the future of how we should be thinking about overall migration as a SaaS revenue driver, but also the Advanced Security, which either could help stabilize or maybe even accelerate the self-managed piece, and when we could start seeing that in that piece of the revenue mix. Thanks, guys.

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Hi, Koji, and thank you for the question. This is Shlomi. I'll take this one. I think that what we see in the cloud and the growth, the 46% year-over-year growth, is also a result of our strategic enterprise sales team, together with our partner team. We discussed that earlier this year, and it's the investment that we have done there. This team is focusing on not only migrating customers from self-hosted to the cloud or bring new logos to the cloud, this team is also focusing on looking holistically at the DevOps and DevSecOps requirements of our customers. Therefore, Advanced Security, Curation, and the new capabilities that we announced recently at Swamp Up and before are also included.

We spoke about one of the biggest telecommunications in North America that just migrated to the cloud together with JFrog. This company also adopted JFrog Advanced Security with a meaningful part of the subscription. The other company, which was discussed, the nuclear security company, also adopted the full platform together with security. So we see some kind of a movement, not only to have a DevOps end-to-end software supply chain security solution, but also to have a comprehensive built-in security within the platform rather than using point solution.

Operator (participant)

Okay, thank you so much. Once again, a reminder, folks, star one on your touch tone phone if you'd like to ask a question. Once again, star one. All right, our next question is from Sanjit Singh with Morgan Stanley. Sanjit, please go ahead.

Oscar Saavedra (Equity Research Associate specializing in Software Sector Research)

Hi, Oscar Saavedra on. Nice to hear about-

Operator (participant)

Go ahead with your question.

Oscar Saavedra (Equity Research Associate specializing in Software Sector Research)

Hello, can you hear me?

Operator (participant)

Yes, we can hear you. Go ahead.

Oscar Saavedra (Equity Research Associate specializing in Software Sector Research)

Okay, sorry. Yeah, it's nice to hear about your investing in sales and marketing to drive adoption in the large enterprise. But if we look at, you know, the last couple quarters, that as a percentage of revenue has sort of lowered. Should we think—how should we think about that? Is your plan to increase your head count in that department, or you think at this point you have the needed salesforce to drive that adoption? Thank you.

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Yes, sure. So over the past years, we've made significant investments into our go-to-market capabilities. Few years back, we started building our enterprise sales team, strategic sales team. Then last year, we started building our partnership and channel team. So we continue to make investments, and we built a security overlay and some additional capabilities on a holistic top-down approach to go-to-market approach. So those investments started bearing fruit, and that's why we see that S&M investment, as a percent of revenue, becoming more scalable, and we see more leverage. We'll definitely continue to invest in those capabilities, and we'll continue to grow our sales and marketing expenses in absolute dollars.

In the long term, as predicted in our long-term model, we expect to see more leverage, and therefore, the percent of revenue that's expenses will continue to go down in the long term.

Operator (participant)

Okay, thank you very much. Next, we have a question from Miller Jump with Truist Securities. Go ahead, Miller.

Miller Jump (Director and Senior Equity Research Analyst)

Hey, thank you for taking the question, and congrats on the strong results. I guess I was just curious, could you talk about maybe the advance, or excuse me, the opportunity you see for Advanced Security and Curation this year going into the fourth quarter, given the concentration of renewals there? And just any color you could give on what you're baking into guidance for that. Thanks.

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Yes, thank you for this question. As we guided the market, we announced JFrog Advanced Security earlier this year. It's a set of six capabilities that are added to the platform. Just last quarter, we announced Curation, which is an additional product that protects the organization from the get-go. We think that what we see here is an adoption of a consolidated security solution, which will become material in the next year. This is how we guided the market. Currently, we are very pleased with the adoption, tens of customers that already adopted this as part of the platform usage. The security additions will become material in the next year.

Operator (participant)

Okay, thanks so much. Next, we have a question from Kingsley Crane with Canaccord Genuity Corporation. Kingsley, go ahead.

Kingsley Crane (Senior Equity Research Analyst)

Hi, thanks for taking the question. So, at Swamp Up, Peter, you mentioned that the products you were releasing were thematically consistent with the growth drivers of cloud and security, so they kinda fit nicely in with the long-term model of 30% plus growth. So, you know, as we move forward, how much of that, how much of your existing product portfolio can contribute to that, to that growth figure? Or in other words, you know, how much more products do we need to be released in order to hit that target?

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Thank you, Kingsley. What we announced in Swamp Up was part of our roadmap. We announced several tools that support the full software supply chain platform play that we implement in the market. JFrog Advanced Security comes first, then JFrog Curation and Catalog, which was announced and keynoted in Swamp Up. We are also planning to have some security capabilities on the runtime, so shifting right. We added static analysis security on the left to secure your code. And by that, we provide an end-to-end security solution. On top of that, we also announced the AI and MLOps capabilities as part of the platform, natively supporting security scanning for ML models and storage of ML models in Artifactory.

If you look at the global picture altogether, JFrog Platform today provides a full end-to-end solution for DevOps and DevSecOps from code to production. And in the next few quarters, we already have items in our roadmap to complete even further right to what we discussed.

And if I may add to that, so when we released our long-term model, we already had this new products either at the market, launched in the market, or just about to be launched in the market. So we definitely took those, products into account when we, released and shared our long-term targets with you.

Operator (participant)

Okay, thank you both. One more reminder, star one on your touch tone phone if you'd like to ask a question. And our next caller is Itay Kidron with Oppenheimer. Please go ahead.

Ittai Kidron (Managing Director and Senior Analyst covering Analytics, Data, Security and Infrastructure Software)

Thank you, and Shlomi, our thoughts with you and the whole team in Israel, of course. Shlomi, I wanted to make sure I understand the security side. Could customers buy your security solutions without artifacts, or that's still not a possibility? If so, when will that happen? And then, maybe for you, Jacob, on the expansion rate, with all the new product coming along and clearly with this better execution on the up-sale and the traction of $1 million customers, how should we think about net dollar expansion rate here going forward for the next couple of quarters?

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Hi, Ittai. What we see as reported is that our net dollar retention is stabilized around the 120, 119, as predicted and as guided. In the self-hosted solution, since our security solution is based on a per-seat model on top of the platform, we look to see some acceleration there, though our strategy is very focused on the cloud and the cloud migration, and there as well, security will be a strong driver to support the net dollar retention guidance that we provide, we provided. Security in both cases, both deployment environment, cloud and self-hosted, is based on by developers and not only by consumption, so we think it will support the net dollar retention, and it will be aligned with our guidance.

Jacob Shulman (CFO)

Yes, Ittai, will be stabilized-

... of net dollar retention this level, and it's obviously too soon for us to provide the guidance for 2024.

Ittai Kidron (Managing Director and Senior Analyst covering Analytics, Data, Security and Infrastructure Software)

Okay. But Shlomi, just to make sure I understand, can I buy your Security, Advanced Security, and Curation without buying Artifactory?

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

No. Currently, security, our solution security is part of the platform coming with the Artifactory and Xray. In the future, we may consider to have it as a standalone solution. Currently, it's a full solution coming with the platform.

Ittai Kidron (Managing Director and Senior Analyst covering Analytics, Data, Security and Infrastructure Software)

Appreciate it. Thank you.

Operator (participant)

Thank you. And our next caller is Brad Reback from Stifel. Brad, go ahead.

Brad Reback (Managing Director in the Technology Sector covering Enterprise Software)

Great. Thanks very much. Shlomi, as we think about sort of the emergence of AI and ML, large language models, how does that play to help accelerate usage of the cloud, Artifactory? Thanks.

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Yes, great. Thank you, Brad. AI and MLOps, these are technologies that are being adopted rapidly by all organization and also the enterprise are looking into it. As you are familiar with our portfolio, the majority of our customers are enterprise customers with thousands of developers. And to be frank with you, most of them are trying to first kind of put down the playbooks and the regulation of how you use AI, how you secure AI, how you automate it, and how you become more efficient with it, before you let machine code and build binaries and distribute it for you. So, we planted the seeds. JFrog is the first and only company in the world that practically provide AI solutions for our customers. We planted the seed not only for DevOps, but also for security.

Artifactory natively proxy Hugging Face, the public repository, and Xray automatically scan all ML models before they are getting into the system, to the software supply chain. With the rapid growth and rapid adoption of AI and MLOps, we believe that this will be just another practice for the JFrog users and will accelerate the adoption of our platform. Will put us in a very good position in terms of competition that might come up in the future, and will serve our customers and community better with the universality that we provide. Currently, it's too early to say how will this impact the long-term model.

Brad Reback (Managing Director in the Technology Sector covering Enterprise Software)

That's great. Thanks very much.

Operator (participant)

Thank you. And our next caller is Jonathan Ruykhaver from Cantor Fitzgerald. Jonathan, go ahead.

Jonathan Ruykhaver (Senior Research Analyst)

Yeah, thank you. So, Shlomi, an interesting point that has come up in discussions we've had with JFrog customers is around the automation that Artifactory brings to third-party CI/CD solutions, and, you know, specifically the significant reduction in build time and cost savings. Can you just comment on that dynamic, how important it might be when you look at new lands? And also, what is the implication to pipelines? Is pipelines less of an opportunity, just given how well you work with other CI/CD tools?

Jacob Shulman (CFO)

Yes. Thanks for this question, John. JFrog Artifactory and JFrog Platform overall is based on an open REST API, working with all the major CI/CD tools in the market. We are natively supporting GitHub Actions, Jenkins, GitLab CI/CD, CircleCI, and obviously others. It's also mandatory for everyone who use CI to use the binary repository, because the moment you use CI on top of your source code repository, you create a binary, and then the deployment into Artifactory and pulling out from Artifactory by CI/CD and automating the full software supply chain is being made in and out from Artifactory. Regarding JFrog Pipelines, JFrog Pipelines is accelerating the automation of the JFrog Platform, integrates with all the CI/CD tools, and help you promote binaries from every quality gate all the way to production.

JFrog Pipelines also provide a friendly UI for users to manage the dependencies and to manage the source of all binaries. We don't see JFrog Pipeline as a catalyst for the adoption of our platform or a catalyst or a major catalyst for ARR. Actually, what we see is that using JFrog Pipeline makes our users more faster and secured as they secure their pipeline by using it.

Jonathan Ruykhaver (Senior Research Analyst)

Okay, so it's having a strong impact in terms of the value proposition, but it's not necessarily impacting ARR or the adoption of the Enterprise Plus package, correct?

Jacob Shulman (CFO)

Correct.

Jonathan Ruykhaver (Senior Research Analyst)

Okay. Okay, thank you.

Operator (participant)

Okay, thank you. Looks like our next call is from Mike Cikos with Needham & Company. Mike, go ahead.

Mike Cikos (VP and Senior Equity Research Analyst)

Great. Thank you. Thank you for getting me on the call here, and I apologize if I missed this in the prepared remarks or the Q&A. I know I'm juggling a couple different earnings calls, like I imagine my peers are as well. But I think the first question, if I could, for Shlomi, we were struck last quarter when the company was saying that the optimization headwinds were largely behind the company. And I apologize if I missed this, but can you provide us an update? Does that still stand here where we are today? Is it fair to think that those optimization headwinds for JFrog are now firmly in the rearview mirror? And then I just had one follow-up.

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Yes, Mike, we did talk about the usage trends, and we continue to see continuous growth of usage. So we do believe that this wave of optimization is behind us. We continue to see the adoption of our platform by larger customers on marketplaces. However, having said that, we also see slower pace of migrations comparing to prior year. So definitely macro headwinds in terms of impact on pace of migration is still there, but cloud usage continues to grow, and that's trend that we've been experiencing for a couple quarters now.

Mike Cikos (VP and Senior Equity Research Analyst)

Got it. Got it. Okay. Thank you for calling that out. And I think maybe one other item. I think earlier this year as well, I know the company was trying to adjust its free tier, and I think that you guys had decided to limit the number of users that fell under that free tier. And maybe by creating that limited capacity, there was a thought that that could benefit the model in some capacity from a monetization standpoint. Can you remind us what the initial findings on conversion or benefit to revenue, if any, have come through the model at this point?

Jacob Shulman (CFO)

Yes, Mike, when we decided to kind of building the top of the funnel without free tier, earlier in 2022, the main reason was all the additions that we provided with, with security and the IoT capabilities that you cannot just have on a free tier basic DevOps solution. It didn't serve, not the strategy, the product strategy, and not the go-to-market strategy, which became top-down strategic enterprise sales. The conversion that we've seen from the free tier, where customers usually small groups of developers that converted to Artifactory and the paid subscription, and we decided that it doesn't serve the top of the funnel. I'm happy to report that you can see that what we have built now with our enterprise sales and the strategic sales bear fruits.

One of the results being demonstrated this quarter is the amount of customers that are going over $100,000 and over $1 million. This is not coming from free tier, as you probably understand.

Operator (participant)

Okay, thank you so much. Our next caller is Nick Altman with Deutsche Bank. Nick, go ahead.

John Gomez (Research Analyst)

Hi, this is John Gomez on for Nick. Thanks for taking the question. Can you talk about how September and October trended from a macro perspective relative to expectations, and whether, you know, you have seen any meaningful change in overall, like, buying propensity from customers? Thanks.

Jacob Shulman (CFO)

No, we did not see any changes, and the trends in October continue to be comparable with Q3.

Operator (participant)

Okay, thank you. Next caller is from Ethan Weeks with Piper Sandler. Ethan, go ahead.

Ethan Weeks (Research Analyst)

Great. Thanks for taking my question. This is, Ethan on for Rob. Seems like there's still a large amount of organizations out there using either free or open source binary repository management solutions. And as we think about the amount of innovation and product releases you've had on the security side, do you think this could provide a catalyst maybe for a lot of these organizations to start considering a commercial solution? Or if not, maybe what that catalyst may be in the future as we think about new customer growth and converting some of these onto your, your platform. Thank you.

Jacob Shulman (CFO)

Yes, I'll take this one. We built the JFrog extraction from the bottom up, from the developers up, and obviously starting with open source, build the consensus around the Artifactory as a single source of record for the organization. What we know now, years after, is that it takes more than just one open source solution. When you want to build a comprehensive software supply chain solution, especially on an enterprise infrastructure level, you have to adopt some security tools to it. You have to adopt universality, high availability, multi-site topology, and very often you want to move everything to the cloud, which obviously has nothing to do with open source or not. It's about having it as a service. For sure, yes, it's a top of funnel.

A lot of potential customers are looking at the open source before they are trying our tools in the free trial. But the open source is still there, serving us among developers. On the enterprise, where JFrog shines, it's a very temporary solution and usually being replaced very fast.

Operator (participant)

Okay, thank you. Our final question comes from Michael Turits with KeyBank Capital Markets. Michael, go ahead.

William Mandl (VP and Equity Research Analyst)

Hey, this is Billy on for Michael. Just wanted to ask, with Curation crossing between kind of both developers and security, have you seen that acting at all as a gateway to broader conversations with the CISO? Should, should we think about Curation as the next logical customer expansion from the core product before adopting Advanced Security? Thanks.

Jacob Shulman (CFO)

... Yes, thank you. This is a wonderful question. Curation is very, very unique because Curation lands on the common ground of the CIO and the CISO. What I mean by that is that companies realize that they can become far more efficient with adopting open source packages by scanning it before it's even getting into the organization. And therefore, Curation is very appealing and growing very fast. The pipeline, we are very pleased with what we see, that people immediately understand it. It doesn't matter if you're coming from the security side or the DevOps side, you immediately understand the value of preventing malicious packages to get into your organization, to your software supply chain. So we absolutely think that this will accelerate the adoption of our security solution.

This is also why on the go-to-market, it's separated from JFrog Advanced Security, but still based on the same, business model. In the future, we will add more capabilities that will provide a full, comprehensive DevSecOps solution. But already now, we see that nobody's just building from scratch, and everybody brings open source, packages, and therefore, you want to secure them and to curate them, to bless them before they are getting into, your software supply chain. Once they are in, then JFrog Advanced Security take, an Xray, take position, and secure your pipeline. So my answer is absolutely yes, and, I'm looking forward to see how this is changing the landscape of how open source software packages are being used.

Operator (participant)

Thank you. And there are no further questions at this time, so I will turn the call back to Shlomi for closing remarks.

Shlomi Ben Haim (Co-Founder, CEO, and Chairman)

Well, thank you, everyone. Thank you for taking the time to join us today. We pray for more peaceful, quiet days here in Israel, and may the Frog be with you. Thank you very much.

Operator (participant)

This concludes today's call. Thank you for attending, and you may now disconnect.