This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk10: Ladies and gentlemen, thank you for joining us and welcome to JFrog's third quarter 2022 earnings conference call. I'll hand the conference over today to Jeff Schreiner, VP of Investor Relations. Jeff, please go ahead.
spk06: Good afternoon and thank you for joining us as we review JFrog's third quarter financial results, which were announced following market close today via press release. Leading the call today will be JFrog CEO and co-founder, Shlomi Benhaim, and Jacob Schulman, JFrog CFO. During this call, we may make statements related to our business that are forward-looking under federal securities law and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance, including our outlook for the fourth quarter and full year of 2022. The words anticipate, believe, continue, estimate, expect, intend, will, and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any other subsequent day. Please keep in mind that we are not obligating ourselves to revise our public release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2021, filed with the SEC on February 11, 2022. which is available on the investor relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter ended September 30, 2022, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFROG's performance should be considered in addition to, not as a substitute for, or in isolation from GAAP measures. Please refer to the tables in our earnings release for reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFROG Investor Relations website for a limited time. With that, I'd like to turn the call over to JFROG CEO Shlomi Benham. Shlomi?
spk09: Thank you, Jeff. Welcome, everyone, to our third quarter earnings call. I'm proud to report yet another strong and fruitful quarter for JFog. In Q3, JFog exceeded the high end of our guidance across all metrics, driven by the strength of our platform across our DevOps, security, and IoT pillars. Our third quarter revenue was $72 million, reflecting 34% year-over-year growth. Our cloud revenue increased 60% year-over-year. This is driven by expanded adoption of our platform and continued customer migration to multi-cloud and hybrid environments. The list of global enterprise customers making JFrog a part of their backbone of their DevOps and DevOps process also continues to grow. Customers with ARR over $100,000 grew to 696 compared to 647 in the previous quarter, increasing 49% year-over-year. Customers with ARR over $1 million increased sequentially to 18, up from 17 in the previous quarter, and up 29% year-over-year. Our trailing four quarters net dollar retention was 130%. As the single source of tools and system of records for our company's software deliveries, the JPEG platform, which is the only binary-focused end-to-end solution, continues to be mission critical for our customers. We're proud to be our customers' strategic partners and thankful for their trust. Now, allow me to elaborate on how this played out in Q3 with some key themes. First, the growth in full platform adoption demonstrating maturing needs for end-to-end DevOps and DevSecOps consolidated solutions. A growing interest in our binary-focused security solutions, including our recently released advanced security offering. Third, the ongoing transformation of companies managing their software supply chain process in the cloud and enterprise DevOps migration to the cloud. And fourth, the growing need to bridge DevOps and security with IoT and connected devices. Let's begin with the increased adoption of our platform. We have been very encouraged by the ongoing adoption of our Enterprise Plus subscription by some of the world's largest enterprises. The trend of the growing number of Enterprise Plus customers and its increasing revenue contribution support our view that the market needs more mature end-to-end solutions. Our customers tell us how they use JPEG platform to import, build, manage, secure, and distribute binaries to production, and how vital our solution is to the full software supply chain flow. We recently attended Morgan Stanley's Innovation Summit, a conference the firm has hosted for 20 years where the bank tech leadership reviewed our joint plans moving forward. Just a few years ago, They began with an initial deployment of self-hosted artifactory and expanded to security and distribution, adopting the JFrog platform on-prem and in the cloud. Morgan Stanley's Global Head of Enterprise Technology Architecture, Modernization and DevOps, Trevor Bronson, summarized it best, and I'm quoting, JFrog's focus and vision to provide publish-anywhere, available-everywhere platform uniquely addresses Morgan Stanley's needs for a modern DevOps solution with global scale everywhere we operate, on-prem, in any cloud, and more importantly, near the edge of service. We continue working together to mature the next generation of software distribution with fully managed controls at enterprise scale." We are honored to have a visionary like Morgan Stanley as a customer. and excited to keep improving our platform play at scale as today's world's enterprises demand. A full, scalable 360 binary lifecycle management to automate the software supply chain securely. Second, our security pillar. We recently released our most significant set of security capabilities to date, JFOG Advanced Security. We introduced the world to the first DevOps-centric security solution that is focused on binaries. Why is it unique? JFrog serves as our customer's single source of tools for all binaries, whether it was built in-house or brought in as open source packages. Binaries are the only way development teams can fully control, automate, and secure the entire software supply chain flow, as binary includes all the data about how they were created, built, tested, and what other part of application they depend upon or impact. Any security tool that attempt to provide a software supply chain solution will either need to deeply integrate with JFrog Artifactory or build a binary repository. JFrog has released a set of capabilities that natively integrates with Artifactory. Therefore, JFrog is able to provide security with a unique perspective The concept of better software supply chain security is simple. If you don't control and own the binaries, you can't secure them. With features like leak-secure detection, contextual analysis, and malicious package scanning, just to name a few included in JFrog Advanced Security, we are branching out of the software composition analysis area to secure the left and right of the factory. The market acknowledged developers became the targets of hackers, and the world already suffered from incidents like Lock4j, Spring Shell, or other vulnerable binaries that expose the old organization to a risk. This combination of holistic security with the power of the JFOG platform, controlling and watching the binary's life cycle, will address the need for a new era of software supply chain security threats. We are happy to see industry leaders like Google Cloud looking at binary authentication as a critical aspect for software supply chain security. We are positive that more security solutions will follow JFrog and acknowledge binaries as the primary asset to secure in a modern software delivery flow. Third, cloud goals, migration, and standardization. JFrog leads the philosophy of hybrid and multi-cloud DevOps strategy and our customers tell us that it is here to stay. For most enterprises, this essential infrastructure migration is a multi-year effort that involves a gradual strategic change over time. JFrog's hybrid approach enables them to move workloads on their own pace while adhering to standards and regulations. In Q3, one of the world's top three largest automobile manufacturers joined JFrog as a new customer, This multi-million dollar deal that was completed in partnership with Cloud Marketplace included a full adoption of the JFrog platform and notably originated through community efforts around Conan, JFrog's open source C++ package manager, preferred by many automotive and IoT groups. These customers look at DevOps and DevSecOps SaaS solutions that can scale and centralize global development. They emphasized the need for binary management, universality, security, and distribution, which was perfectly aligned with the JFrog solution. They migrated from Sonotek Nexus to the JFrog platform, looking to standardize on the cloud and evolve during the era of electric vehicles. Another example of shifting DevOps to the cloud with JFrog came from an existing customer, one of the most recognizable heavy equipment manufacturers in the U.S., signing a deal with over $500,000 AR. In addition to migration, this company was also looking to standardize their software distribution process and remove manual, time-consuming tasks across all their software delivery pipelines. And now, to the early emergence of DevOps for IoT. In Q2, we announced the availability of J4 Connect. Now, in Q3, we saw the first large deal generated by J4 Connect in tandem with the JFOK platform. An international defense electronics company chose JFOK to manage one of Western Europe's technology-advanced armed forces' full DevOps flow to enable over-the-air software updates to the edge. In this case, the edge is heavy military equipment, such as combat vehicles. In a software-driven era, modern defensive equipment can't operate without updated software. However, today, a soldier is required to update each edge with a flash drive manually. In a real-world implementation of our liquid software vision, this process will be automated and will bridge DevOps practices with over-the-air solutions, allowing continuous updates to the field. Again, binaries are the only software asset that is being deployed on the device. can now be managed and distributed by Artifactory, continuously secured by JFrog Security, deployed and monitored all the way to the edge by JFrog Connect. We look forward to working with more customers to build and mature this adoption at the edge, yet another task that will land on the developer's plate in the future. The CEO of Ford Motor Company noted it clearly a few weeks ago as he shared the next era of transformation for his organization, and I'm quoting, the next revolution in auto is digital. And Ford intends to lead that revolution. We are turning our vehicles into generators of data that will receive continuous updates, end quote. We are proud. The JPROX Liquid software and continuous update vision leads this change and becoming a reality. I now want to address the ongoing macroeconomic challenges and geopolitical impact many of our customers and communities are facing. Customers around the globe are looking at ways to increase efficiency and to improve their cash flow and operations through vendor consolidation and more focused strategic areas of investment. With our business efficiency and growing market demand for DevOps and security holistic offerings, we are positioned well to face macroeconomics headwinds. We see the opportunity that customers will use an essential infrastructure like JFrog platform to consolidate across DevOps and DevSecOps and replace legacy processes or point solutions. However, JFOG is not immune to these macro-driven headwinds, and we continue to see longer sales cycles, additional budget approval requirements, and project delays. As we step into the last quarter of 2022, I would also like to note that we stayed committed to our plans to finish the year breakeven as we operate and run a solid business that not only builds value for our shareholders innovate and pioneer the DevOps market, serve thousands of customers, but also being a home for over a thousand Frogs worldwide. We take pride not only in our technology and business success, but also its resiliency during troubled times. Before I hand the call to Jacob, I want to extend a warm welcome to the newest member of JFrogs board, Yvonne Wassenaar. With over 30 years of experience in enterprise software, cybersecurity, and cloud, Yvonne leaped into our board as she brings JFrog a wealth of industry expertise and go-to-market acceleration strategies that will help drive the company's advancement in DevOps, security, and IoT markets. With that, I'll turn the call over to our CFO, Jacob Schulman, who will provide an in-depth recap of Q3 results and update you on our outlook for both Q4 and fiscal year 2022. Jacob. Thank you, Shlomi, and good afternoon, everyone. During the third quarter, total revenues were $72 million, up 34% year over year. Expansion in our cloud business continued with revenues of $21 million, up 60% year-over-year, representing 29% of total revenues, driven by new customer wins and increased usage within security and DevOps solutions. We are pleased with continued growth momentum in our SaaS business, despite some optimization of usage by our customers that we experienced during the quarter. We saw customers adjusting their usage patterns to get some cost savings as well as utilize better pricing by moving from pay-as-you-go subscription to minimum annual commitments. Nevertheless, we believe our SaaS business will continue to grow rapidly by expansion of DevOps and security solutions, as well as new customer lands on the cloud. We reiterate our belief that the baseline growth rate for our cloud business remains in the mid-50% range, with potential upside from customer usage as we have seen so far in 2022. Self-managed revenues, or on-prem, were $51 million, up 26% versus the third quarter of 2021. On a year-over-year basis, growth in our self-managed revenues continued to be persistent, even as vast majority of our new customers are first landing on the cloud, and many large on-prem customers are gradually migrating toward hybrid deployments. We believe JFrog's hybrid solution allows freedom of choice, providing more control over how and when customers transition to the cloud. We view our support for hybrid coupled with continued growth in self-managed deployments as future drivers of solid growth in our on-prem business. Net dollar retention for the four trailing quarters was 130% in line with our prior commentary. As of the quarter end, we had 696 customers with ARR of over $100,000, up from 647 customers as of June 30, 2022, and up 49% from 466 at the end of Q3 of 2021. We also grew the number of over 1 million ARR customers to 18, up 29% year over year. As we discussed in the past, adoption of the full platform is a key factor in the increasing size of our customers. In Q3 of 2022, 39% of our revenue came from enterprise plus customers, up from 34% in Q3 of 2021. Now let me discuss the income statement in more detail. Gross profit in the quarter was $60.6 million, representing a gross margin of 84.2% compared to 84.5% in the year-ago period. We expect gross margins will remain between 83% and 84% in the near future, and then trend toward the low 80s over the long term as cloud revenues become a greater portion of our total revenue. Operating expenses for the third quarter were $59.4 million, or 82% of revenues, up from $44.1 million, or 82% of revenues, in the year-ago period. Our operating expenses grew approximately 600,000 sequentially as we initiated previously announced operational efficiencies. While we continue to invest strategically within R&D and build out our enterprise sales and channel relationship for the long term, we also have continued to look for ways to enhance productivity and reduce costs. Non-GAAP operating profit in Q3 was $1.2 million or a 1.7% operating margin compared to an operating profit of $1.3 million or a 2.5% operating margin in the year-ago period. We turn back to profitability this quarter, as non-GAAP net income in the quarter was $1.8 million, with earnings per share of 2 cents, based on approximately 105 million weighted average diluted shares outstanding, compared to a loss per share of 2 cents in the previous quarter. Turning to the balance sheet and cash flow, We ended the quarter with $434 million in cash and short-term investments, up from $430.2 million as of June 30, 2022. Cash flow from operations was $5.1 million in the quarter. After taking into consideration CapEx, free cash flow was $3.8 million. We remain committed to accelerating our free cash flow margin toward our long-term targets of 30% over the coming years. As of September 30, 2022, our remaining performance obligations totaled $189.8 million. As Shlomi noted, the overall global macro environment remains challenging. However, I'm proud to say that our renewal rates remain high, usage remains high, and some of the world's biggest companies are turning to JFrog to make them more efficient, more secure, and more scalable. We have already implemented some cost savings initiatives and will continue to do so as we navigate these uncertain times. We remain consistent with our forward guidance methodology, working to balance the macro challenges faced by the global economy and the opportunities we see to expand JFrog's role in the software supply chain. For Q4, we expect revenue to be $76.5 million to $77.5 million, with non-GAAP operating profit between $1 and $2 million, and non-GAAP earnings per diluted share of 1 to 2 cents, assuming a share count of approximately 106 million shares. For the full year of 2022, we anticipate a range between $280 million and $281 million. Non-GAAP operating income is expected to be between $1 million and $2 million, and non-GAAP earnings per diluted share of $0.01 to $0.02, assuming a share count of approximately 106 million shares. We're guided to breakeven levels for fiscal 2022, and even with the catalysts created by the current environment, we'll continue to execute on this commitment. Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Shlomi? Thank you, Jacob. As I'm wrapping up, I'd like to thank my team. I'm proud and honored to work alongside the team driving this ground-shaking innovation. We look forward to partnering with our customers to drive their digital transformation and adopt a modern DevOps security and IoT solution with our platform. Thank you all for your attendance today and may the frog be with you. And now, we'll be happy to take your questions. Operator?
spk10: Thank you, sir. And ladies and gentlemen, if you would like to ask a question, please press star 1 on your telephone keypad. Once again, that is star 1 if you would like to ask a question today. We're going to take our first question from Mike Sikos, Needham & Company.
spk05: Hey, guys. Thanks for taking the questions here. I wanted to circle up on some of the commentary regarding the macroeconomic environment. And I know that you guys are saying, hey, you're not immune. We are still seeing longer sales cycles, additional process approvals, and these budget delays. I know that we had called out some of these factors last quarter when we last caught up. Can you help us think about have these sales cycles, the extensions, are they getting worse versus where we were three months ago? Or is it spreading to different geographies versus what we were calling out last quarter? Any color there would be helpful.
spk09: Hi, Mike. This is Jacob. I will take this question. So overall, we see pretty comparable sales cycles comparable to last quarter. We did see slightly more weakness in Europe this time, partially driven also by stronger currency. As you know, we charge our customers in US dollars, and we've seen that uh strong dollar uh kind of makes our customers in europe to think a bit longer before they commit to the project but overall we don't see any significant changes in the cell cycle thank you for that if i could just squeeze in maybe a two-porter here but i know in the prepared remarks you guys had uh called out i believe it was a competitive displacement versus sonotype nexus
spk05: And just curious, can you help us think about when you are seeing competitors out there, who are the most common competitors that you're bumping up against? Has there been any change on the competitive front?
spk14: Yes. Hi, Mike. This is Romy.
spk09: Take this question. So, yes, we mentioned the large deal that we bought in this quarter and displaced some of that nexus. In terms of the full holistic platform that is focused on binaries, I think JFog stands first and we see less competition there. But if you break the platform to different capabilities, obviously in the world of security, we see some point solutions that competes on the static code analysis area and developers security. On the package management, obviously there are some solutions that are very limited in terms of the universality of the package and the binaries they support. But we don't see any vendor provide a full platform that is focusing on the binaries and secure your software supply chain, manage your binaries, and also the distribution to the edge. More of what we see At the front, it's homegrown solution that we are replacing and some emerging technologies that are trying to get into this market.
spk05: Great. Thank you for the color, guys.
spk14: I'll turn it over to my peers. Appreciate it.
spk13: Next up, we'll hear from Brad Rebeck, Diesel.
spk12: Great. Thanks very much. Jacob, on your optimization commentary on the SAS product, Will that linger here into 4Q, or was that pretty much confined from your standpoint to the September quarter?
spk09: Yes, it really depends when customers initiated those changes. We've seen customers kind of gradually introducing those. We still believe that our SaaS business will continue to grow rapidly. We reiterated that. baseline for our SaaS growth with potential upsides from usage. As you know, Brad, we continue to introduce new capabilities in cloud to present additional expansion opportunities for NASA. We're confident that our cloud will continue to grow rapidly.
spk12: That's great. And then, Swami, do you still feel pretty good about your ability to sustain 30% organic growth as you've talked about historically?
spk14: Yes. Perfect. Thanks very much.
spk10: Our next question today comes from Kingsley Crane, Canaccord.
spk04: Hi, thanks for taking my question. So overall, your business appears to have held up quite nicely. I just want to take a step back. How sensitive do you think your platform is to cost rationalization in general?
spk14: And do you think the nature of your platform makes it more defensible? Can you please repeat the question?
spk04: Yes. So do you think, or how sensitive do you think your platform is to cost rationalization? And do you think the nature of your platform makes it more defensible versus something like a monitoring platform, for example?
spk14: Yeah, I'll take, I'll take, please feel free to chime in.
spk09: First of all, uh we provide a lot of value to our customers uh our platform helps to significantly improve efficiencies of the software delivery process and it is mission critical tool for many of our customers therefore we believe that despite the fact that customers maybe try to utilize some optimization efforts on sas there's still significant need for them to expand our platform usage because they generate significant value from uh from streamlining the software delivery process? Yeah, well, regarding the platform, I think that what we hear from our customers is that they are looking to consider the point solution into one solution that is centralized on the software supply chain. Software supply chain is being managed through the binaries. This is what you host, and this is what you promote, this is what you distribute, and this is what you secure. With the latest release of JFOG Advanced Security, with the release of JFOG Connect, we actually provide our customers with full ability to take the binaries from the development phase all the way to the deployment at the edge. Customers find that very appealing, plus the fact that it's available as an on-prem solution and cloud solution on every cloud, almost on every region. So that's becoming an essential part of the decision-making when you speak about the essential infrastructure of migration in our customer sites.
spk04: Great, thank you. That's really helpful. And just one follow-up would be, I want to talk more about your large Connect deal. What did you learn in the process that can help with other deals going forward, and how would you gauge overall customer demand?
spk14: Yeah, well...
spk09: J4Connect is something that we announced in Q2 in addition to our platform. And we were very, very excited to see that the large project, the defense project in one of the European militaries, decided to take the leap after using Artifactory and X-Ray, Artifactory draws the binaries, X-Ray to secure them, to take the binaries all the way to the edge. Software update over the edge is the future. And as we said in the past, security became part of the developer's task. We know that in the future, deployment to the edge over the update will be part of the developer's task. So building that as part of our platform Being able to deploy this update over the air as the combat vehicle is running is a big, big change. And currently in the market, JFOG is the only platform that provides this capability.
spk14: Okay, very helpful. Thank you.
spk13: Our next question today comes from Bob Hwang, Morgan Stanley.
spk03: Hi, this is Bob telling it for Sanjay. For starters, just to think about your security product strategy. Do you have to change your go-to-market motion, or do you have to invest in additional specialist sales teams or security teams to really have your products adopted? Or is that the way to think about it?
spk09: Yes, that's a very good question. Thank you, Bob. was released just a few weeks ago. And what we see from the market is that the excitement and the interest around it really shows a very high demand for what we've released. But we have to think about why it's unique. It's unique because of the technology that is focused on the binary, which is the only way to control and manage your software supply chain. And it's also unique because it comes with a platform, so not a point solution that focuses on one capability that you need in your software delivery process, but a full, holistic, end-to-end solution together with a registry, with a repository distribution, and so on. In terms of the go-to-market, as we introduced in our updated pricing page, there are two new packages that include on top of the DevOps capabilities and on top of X-Ray. That's a new product line that we will keep investing in, and you will see more and more evolution of our security at the core. Regarding the question of the Salesforce, obviously we have experts in the domain, not only on the sales side, but also the solution engineers and the architect side. And the idea of having a full solution requires people to understand not only security and what is the pain that we are solving for our customers, but how this is embedded into a full platform place. So the answer is yes on the three aspects, the technology, the full platform, and the go-to market and the search for market.
spk03: Okay, thank you. That's really helpful. Just a follow-up question on the advanced security pricing. If, let's say, a current DevOps customer is spending about $100 today, how much of that would go to the advanced security? Like, if they were to adopt advanced security, how much of that $100 would go towards that?
spk09: We're currently in the introductory phase of our advanced security subscriptions, and obviously you saw the pricing for monthly customers. It's increased to $3,400 per month for platform players. It's a customized price, and it's dependent on the volume and methodology that customers use to scan their binaries. Therefore, and just keep in mind that this is more usage-based, business model and we're still learning about the customer how customers would use that and the patterns we just launched it about two weeks ago so it's too soon to tell exactly what would be the immediate impact on customers position but we definitely believe that the advanced security over time will be a significant driver to our revenues I'll follow up on what Jacob mentioned and maybe emphasize two things regarding the way we build the go-to-market for advanced security. A, we are aligning the value of our technology with the need of the customer. So we are charging only for artifact scans, for binary scanning, as Jacob mentioned. It's a consumption model in the advanced security, whether it will be an on-prem installation or cloud installation. And B, and this is very important, JFOG advanced security capabilities and some of the features that we mentioned in the earnings score replace several point solutions. So if you think about the developer's dollar spend, you can think about displacements of not just one security tool, but many across the software supply chain flow.
spk14: Thank you very much, and congratulations on the quarter. Thank you.
spk10: Just a reminder, everyone, it is star 1 on your telephone keypad if you would like to ask a question. We'll go now to Pendulum Bora, JP Morgan.
spk01: Oh, great. Hey, congrats on the quarter. Thanks for taking the questions. One question on advanced security, staying on the pricing question. We noticed that you kind of folded the optional X-ray price, I believe, with Enterprise X. Previously, it used to be optional. Now, it seems like it's not. Is that a change for new customers? How would that impact existing customers? Do they have to choose a higher pricing when they come for renewal? Maybe some color there would be helpful.
spk09: Yeah, so, Benjamin, I'll take this question. If we call for self-managed customers, we made X-ray mandatory already some time ago. uh effective uh second quarter of 2021 we eliminated enterprise subscription and made enterprise x subscription mandatory so pretty much every self-managed customer uh today has x-rays mandatory portion of the enterprise subscription and obviously x-ray is also included in enterprise class now uh advanced security requires x-rays uh and uh therefore only customers who have x-ray has ability to utilize advanced security capabilities uh therefore um we see these customers enterprise x and enterprise plus customers those those who would be utilizing advanced advanced security capabilities on on cloud uh on our business We also made slight adjustment to our subscription structure to make extra mandatory for enterprise customers for the base package. Typically, we see that our customers use volumes that exceed base package, and therefore, it doesn't have any significant impact on our business.
spk01: I see. Understood. Okay. And is it possible to quantify the cloud optimization adjustments that you talked about that customers made? Any way to quantify that? What was that impact in Q3?
spk14: Again, it's primarily happening to customers who are on pay-as-you-go business model.
spk09: As you know, our annual customers have a minimum commitment. Overall, we see that both groups, pay-as-you-go and annual commitment usage continues to grow. Now, each of the pay-as-you-go customers could be volatile from period to period, and we did see some volatility during Q3. It's hard for us to exactly quantify that because this volatility sometimes comes also as a result of timing of different projects and initiatives. The reason we noted that and we know that some of the customers doing optimization is because we talk to the customers to better understand their future plans and how we can expand them. But it's really hard to quantify that.
spk01: Got it. Understood. I'll get back in the queue. Thank you.
spk13: Our next question is Jason Adder, William Blair.
spk11: Yeah, thank you. Hey, guys. Jacob, did you guys provide an initial view on 2023, or is that something you're willing to talk about?
spk09: No, we're currently not providing any guidance for 2023. As Shlomi noted, we see a lot of opportunities for us to continue and grow within existing customers. We're introducing new capabilities on cloud and on-prem, but still, we said that we're not immune because of macroeconomic environment, and we're still learning. So, therefore, we're not ready yet, you guys, for 2023. Okay.
spk11: So, you're going to wait until next quarter, basically? Correct. Okay. And then for you, Shlomi, can you give us an update on your go-to-market motions and how these have evolved since the IPO? And, you know, maybe are there any areas that have surprised you to the upside or the downside?
spk09: Yes. Hi, Jason. In terms of the go-to-market and as the market follows, we've been very consistent with adding more capabilities and reinforce our platform. Today, JFOX supports the world's biggest enterprises, and we have to scale to their level of expectation. So what you see us adding, not only on the DevOps front, but also on the security front, together with the V2 acquisition, on the IoT front, together with the apps acquisition, all the services around that with special support and special professional services if needed, The hybrid methodology that allow enterprise to migrate some workloads to the cloud and still have the on-prem instances, this is very much aligned with what we see in the market. Obviously, most of the value we bring comes at the enterprise level, and you also see that in the numbers, the number of customers over $100,000 number of customers over a million dollars, the number of platform adoptions really encourage us that we are taking the right decision to go to market and the technology that leads that.
spk11: And you talk about cloud marketplaces. Has that become a more significant channel for you?
spk09: Yes. So we invest a lot. in the co-marketing and co-sale together with all clouds. We have great relationship with the major clouds and we extend that. The philosophy of multi-cloud also finds a very high demand from big organizations that need to follow some regulations and strategy decisions. So having this A private offer, co-selling at the marketplace, having this collaboration with the cloud obviously increased our ability to grow with our customers and to land on a higher volume in new customers. I just made to add to that, Jason. When the customer has commitment to large cloud providers, it's much easier for us to work with them from marketplace. It's therefore, majority of our largest deals in cloud, they came through marketplace and we work together with this cloud to close those deals.
spk11: Gotcha. And the unit economics are better for you when they go through the cloud marketplaces versus selling direct?
spk14: Unit economics is better, yes, correct. All right. Thank you, guys. Good luck. Thank you.
spk13: We will now hear from Michael Turek, KeyBank Capital Markets.
spk00: Hi, guys. This is Billy on for Michael. I just want to ask, so last quarter you called out kind of similar macro headwinds like these longer deal cycles and increased approval layers. I just want to see if you made any changes to your selling motion or how your sales team approaches deals now to kind of counter this increased scrutiny. Thanks.
spk09: Yes, we're obviously becoming more proactive, knowing that it may take longer for our customers to close the deal. We contact them earlier. We work closer with them to better understand their plans. And sometimes even work with our partners, like the cloud alliances, to help the customers to maybe accelerate some of the projects through migration to cloud. Michael, if I may add to it, the other side of it is that when you come with a platform, a full platform, robust, scalable platform that also comes with a hybrid story, there is a very good chance that JFOG will displace few vendors. And what we see in the enterprise market is that part of preparing themselves to recession is also consolidating different solutions into one. So we are planning, as Jacob mentioned, we are going proactive with that. I think that we have a great story to tell, not just from the technology side, but also from the end-to-end solution side.
spk14: Great. Thank you.
spk13: We'll now go to Rob Owens, Piper Sandler.
spk02: Hey, thanks for taking my question. This is Ethan Weeks on for Rob Owens. I wanted to ask about the Enterprise Plus mix as a percent of revenue. Looks like it was really strong this quarter, up to 39%, a big quarter over quarter increase compared to what we've seen in the past couple of quarters. And just curious if you guys are seeing some broader consolidation tailwinds or some of these more advanced security capabilities or customers move up tiers quicker compared to historical levels. Thanks.
spk09: I will take that question. The reason for growth, and we're very encouraged by this growth and happy to see this growth in our enterprise-plus solution, is continued adoption of our end-to-end platform capabilities. Specifically, many customers realize that it's not enough for them just to be efficient on the developer side, development side of the software. They need to take software to the market. And our distribution capabilities help them to achieve that. Therefore, we see more and more customers adopting the platform to utilize this full DevOps flow all the way from developer to the market. We continue to see that the primary reason for adoption of the platform distribution capabilities, advanced security will also be available for Enterprise Plus customers. Again, so far, we launched that on cloud only. And it will become available for self-hosted customers early in 2023. So far, with the numbers you see, they're not impacted by advanced security because it was just launched early in Q4. It's just continued adoption of DevOps practices, end-to-end solution offered by JFrog. And JFrog is the only company today that offers these capabilities.
spk14: Got it. That makes a lot of sense.
spk02: And then just as a follow-up, I was curious, the performance of the U.S. federal in the quarter, what did you see, and how did it trend compared to your expectations going into the quarter? Thanks. Our U.S.
spk09: federal business is relatively immaterial, and we haven't seen any significant changes so far, just because it's immediate.
spk13: And once again, everyone, that is star 1 if you have a question. We'll go next to Mike for a follow-up.
spk05: Hey, guys. Thanks for letting me back on here. I did just want to try and take another stab at maybe some of this macro volatility or customer behavior when we're thinking about the pay-as-you-go customers versus those utilizing those minimum annual commitments. Maybe it would be helpful just to have like broad brushstrokes here, but can you help us think about the percentage of your revenue or the percentage of your customer base that currently uses pay-as-you-go? I think that might help people start to get a better feel for how these customers are trying to adjust their spend in the current environment. Any color there would really be helpful.
spk09: Yeah, today pay-as-you-go is about a third of our SaaS business. So majority of our SaaS business is annual. Typical customer journey would be when a smaller customer land on pay-as-you-go, they continue to use the platform and capabilities. When they reach certain level of usage, they would typically transition to annual minimum commitment. a because they already understand the capabilities and see the value and b because they can get some uh price discounts because of the annual commitment and and that's what they use so we see more and more customers uh uh joining on cloud to pay as you go we continue this group continue to grow each of the customers could be volatile again as it could be as a result of uh adopting new capabilities, optimizing their spend, timing of the project, etc. But overall trend of this customer group is up. We encourage to see that as a group, these customers continue to grow despite the fact that some of them transition during the quarter to the minimum annual commitment. Just the fact, Mike, that what Jacob mentioned is the um natural cloud flow we also see a trend of migrating to the cloud and these are customers that are using our on-prem solution and already familiar with the platform already familiar with the technology and the services and migrating to the cloud while they are doing that usually they will end immediately on an annual contract and not start all the way from the beginning
spk05: Understood. Thank you. Thank you very much for the incremental color there.
spk14: I do appreciate it.
spk10: Next up, we'll hear from Akai Kidron Oppenheimer.
spk07: Thanks. A couple of questions for me. First, on the gross margin, it did take up quarter of a quarter, even though your cloud mix is higher. So, Jacob, maybe kind of walk us through that a little bit, what's behind that.
spk09: Yeah, that's continued effort to improve efficiency of our cloud. Some operation operating the cost-saving initiatives. It's evolving process. We continue to do that. And that's the reason for our cloud to be, for overall margins to be better because our margins on our SaaS business improved during the month.
spk07: Good. So we should not assume any gross margin deterioration in the future as cloud goes up in mix. Good.
spk09: There are still gross margins for our SaaS business lower than corporate margins. Therefore, the bigger the portion of our SaaS business, we'll see this trend to go to low 80s over a long time. Meanwhile, as we said in prepared remarks, we expect the gross margins to stay between 83 and 84% in the immediate future. OK.
spk07: All right, then second question regarding 23. I know Jason tried to get some color on fiscal 23. Are there any kind of puts and takes, though, you want us to keep in mind as we think about 23? And maybe you could talk about how big your renewal base is going to be in that year. Is it going to be average or substantially lower or higher? I don't know, like from a cohort standpoint, what comes up. Maybe you could talk about what comes up for renewal and how do we think about that?
spk09: Yeah, so the vast majority of our SaaS business is annual, for annual contracts. About a third of the business on SaaS is monthly. Two thirds, slightly above that, is annual. About 80% of our self-managed business is annual, and the rest is multi-year. So we do continue to see significant renewal base every year. We encourage to see that the renewals continue to be strong, comparable to historical levels. Churn, again, very minimal. We have very sticky products. Our cloud continues to grow much faster than self-managed. We will introduce new capabilities to self-managed solutions in 2023 in security area. So we entering the year very strong. Hi, Shlomi here. I'll add one thing to it. When we are looking at essential infrastructure, I believe that you know a company, no matter what company, when they bet on an infrastructure, usually they take a long-run decision. This is not something that you replace on the developer machine. This is not something that you replace on the individual. working station. Therefore, we keep investing in our infrastructure as a platform, but customers that are betting on JFOG, those who chose JFOG this year, those who renew this year, are probably looking at the long run as they set up their security and DevOps essential infrastructure, cloud or on-prem.
spk07: Right. Well, maybe I can expand on this, Shlomi, a little bit. When I think about the current environment, there's an argument to be made, right, on the negative side of it is that, you know, in times of financial distress, IT departments are probably trying to do as little as possible and not take risk on new systems and just keep what they have for another year and then evaluate later on the flip side. your platform now enables customers to consolidate multiple points and create savings. So in this push and pull situation here, how do you think the deck is stacked out for you over the next couple of quarters with macro environment a bit more challenging? Is it on the net positive or on the net negative, or perhaps neither here nor there, but we'd love to get your perspective on this.
spk09: Yeah, well, that's a very good analysis of what we see. Well, putting aside for a moment the macroeconomy, when you look at the advanced security, the world in 2022 and 2021 already suffered too much from holes in the software supply chain security. It's not something that is being articulated by J-POP. The White House is speaking about it. Regulation from the British Parliament is coming with instruction of how you should protect your software supply chain. And the world starts to understand that there is only one way to fully protect your software supply chain, and it's protecting the binaries. So I don't think that customers, organization, enterprise or not, actually have a choice. They will have to upgrade the legacy security solution. They will have to look at consolidation of security solutions. They will have to get control over their boundaries. And I think that what JPEG now really answers all of the three. So yes, I'm expecting to see a growth in the adoption of our platform and the consolidation of having a DevOps solution coming with a very strong software supply chain security solution and not point solution or a feature here or a feature there or some small research teams that some of the vendors are offering. We offer the best database in the world for security vulnerability, the most updated one. By data, we released more zero days than any other vendor in the world in 2022. So we are very positive around what we are building, not only for security, but security that comes with the repository as well.
spk07: Okay. Maybe if I may, then last one, Swami, just on this, and I'm asking this because I don't really know the answer. Are there security threats that are specific to binaries that will not show up in code, but will only show up in binaries? I'm trying to think how how specific the threat is to that level of insight that clearly you have a great vantage point to and code repositories don't. So what is unique about binaries that there are threats there that cannot be picked up with normal code scanning?
spk09: I love this question. I will try to make it short because it's an erring call. There is no way, there is no developer in the world that will tell you that with static code analysis and source code security, you can protect your software supply chain. What comes with binaries is also the metadata and the dependencies and everything that you need to know about where this package is flowing to. If you take, for example, the log4j, it's not only finding patient 0 log4j. It's also finding all the dependencies that all the developers in all deployment environments build with it. So with Artifactory as your single source of record and with JFrog Advanced Security on top of it, you are not just running on the best data that you control, you actually control. You also have the ability to look at all the dependencies and where the binaries are in all different fields, in all different teams, in all different deployment environments. And that is impossible to be done with Solstice.
spk07: Got it. Excellent. All right. Apologies for all the multiple questions. I appreciate it, Carlo. Very helpful. Thank you. Thank you, Dave.
spk09: everyone at this time there are no further questions I'll hand things back to management for any additional or closing remarks well thank you everyone for joining us to our Q3 earnings call we are very excited about the progress the company has done and may the frog be with you thank you everyone that does conclude today's conference we would like to thank you all for your participation today you may now disconnect
Disclaimer