This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk01: Ladies and gentlemen, thank you for joining us and welcome to JFrog's fourth quarter and fiscal 2022 results. I'll hand the conference over today to Jeff Schreiner, VP of Investor Relations. Jeff, please go ahead.
spk08: Good afternoon and thank you for joining us as we review JFrog's fourth quarter and full year fiscal 2022 financial results, which were announced following market close today via press release. Leading the call today will be JFrog's CEO and co-founder, Shlomi Ben-Haim, and Jacob Schulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under the federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance, including our outlook for Q1 and the full year of 2023. The words anticipate believe continue estimate expect intend will and similar expressions are intended to identify forward looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31st, 2021, filed with the SEC on February 11th, 2022, and our most recent report on Form 10-Q, which is available on the investor relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-K for the year ended December 31st, 2022 and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as a measure of JFROG's performance, should be considered in addition to, not as a substitute for, or in isolation from, GAAP measures. Please refer to the tables in our earnings release for reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFROG Investor Relations website for a limited time. With that, I'd like to turn the call over to JFROG CEO, Shlomi Benhaim. Shlomi?
spk11: Thank you, Jeff. Good afternoon to you all, and thank you for joining the call. I'm happy to report that we ended fiscal year 2022 with annual results in line with our guidance range, despite that 2022 was a challenging year from a macroeconomic and geopolitical perspective with moderated growth in the IT market. Nevertheless, DevOps, security software, and cloud computing remained among the most resilient IT projects. I'm happy to see that JFrog not only performed well with revenue growth of 35% year over year, in line with our guidance range, but also exceeded our commitment to break even, wrapping up Q4 with non-GAAP EPS of $0.04, more than double the range we communicated in Q3. 2022 included hyper growth in our cloud business, significant growth in the number of customers that subscribed to our full software supply chain platform, powered by advanced DevOps and DevSecOps end-to-end solutions and a higher lending ASP with customers who invested more in digital transformation. For the fiscal year 2022, revenue was $280 million, up 35% year-over-year. J-Frog finished the year with over 7,200 customers, compared to 6,650 in the prior year, choosing us as their DevOps and DevSecOps partner of choice. Allow me now to elaborate more on our fourth quarter results. Our 2022 fourth quarter revenue was $76.5 million, reflecting 29% year-over-year growth. Our cloud revenues delivered continued momentum, equaling $22.6 million and increasing 53% year-over-year. Our growth in the quarter was driven by continued increases in end-to-end JPEG platform subscriptions, as well as ongoing customers' migration to multi-cloud and hybrid environments. Customers with ARR over $100,000 grew to 736 compared to 696 in the previous quarter, increasing 37% year-over-year. Customers with ARR over $1 million increased to 19, up from 18 in the previous quarter, and up 27% year-over-year. We are pleased with this result, especially in light of the market dynamics we witnessed in the last few weeks of the quarter. On today's calls, we'll share an update on how the latest macroeconomic changes are impacting our business, how we are adjusting for it, and how we continue to drive growth alongside cost efficiency to capture the massive DevOps and security market opportunities ahead. Let me start by expanding on the top three themes that drove customers acquisition and expansion throughout the year and specifically in Q4. First, Overall adoption of our end-to-end software supply chain platform, showing increasing maturity and tooling consolidation by the enterprise. Second, growing demand for security solutions that are fully integrated into the DevOps workflow and available as part of a full platform. Third, cloud and multi-cloud migration and adoption. Let's begin with the end-to-end JFrog platform scope. The growing adoption of our complete platform by new and existing customers showcases the broad need for scalable, end-to-end, fully integrated, hybrid solutions. Our holistic platform approach drove continuous sales momentum in Q4. For example, one of the world's most recognizable payment processing companies completed a standardization on the JFOG platform as their system of records. They chose JFrog over the prior solution, Sonotype Nexus, as they needed a highly available solution that scales efficiently and supports hybrid environments to meet the needs of thousands of developers. In another example, a leading commercial bank in EMEA chose JFrog as their enterprise DevOps system of records. Due to the high level of complexity, they presented requirements for universality, full binary lifecycle management, integrated security, large scale, and efficient replication and distribution between development sites. Already utilizing GitLab for source code management, these banks turned to JFrog to complete their software supply chain coverage with an advanced solution for binary management and software supply chain security. We saw this trend throughout 2022 as customers are telling us that both from a technology and business perspective, platform consolidation and standardization will be a key theme in 2023, not only for DevOps or DevSecOps, but for complete software supply chain management. Second, to our security pillar. In mid-October, we launched an industry-destructive set of advanced tools, introducing J-PROG Advanced Security as the first DevOps-centric security solution. While we continue to build and expand this offering, we were excited to see initial customers who purchased J-PROG Advanced Security subscriptions quickly taking advantage of these capabilities. J-PROG's meaningful investment in security over the past years is beginning to bear fruit. We strongly believe that the holistic JFOG platform powered by JFOG Artifactory, the database of DevOps and the de facto standard in the software package management combined with our best of breed security solution into a single platform will drive adoption among our install base and attract new users. This is reflective of the sea change we saw in 2022 of security being embedded across the software supply chain. and companies discovering that if they don't control and secure their binaries in their organization, they are finding it nearly impossible to secure their software assets and remediate security issues. Modern security technology is automated, requires less human intervention, manages software package dependencies, and set policies that protect and remediate an organization's software supply chain. We build JFrog Advanced Security with this understanding and we believe it will displace legacy security solutions attracting new customers to JFrog as this market continues to mature. In just over a year since our acquisition of Vidoo, JFrog has released a half dozen capabilities that can consolidate security point solutions currently in the market. As some competitors cobble together open source tooling to appeal to the market demands, JFrog delivers a comprehensive DevOps and DevSecOps solution for enterprises who are looking to consolidate their tool stack into a single platform. Let me share with you how we differentiate in security. Development teams are using security point solutions that generate too many results requiring allowing them to inefficiently fix all vulnerabilities, not allowing them to prioritize remediation based on context. This is why our contextual analysis capability was released. With JFrog Advanced Security, we allow teams to prioritize safe development hours and focus on what matters. Also, companies want to ensure that no software is shipped with an accidentally included secrets or access keys. This is why secrets detection in our advanced security solution is so important, as it discovers inadvertent revealing of secrets and where they live in both code and hardcoded into binaries. JFOG is helping companies and development teams focus these holistic security efforts with our solutions, alleviating teams' workloads, decreasing risk and covering the entire software supply chain, which is impossible by scanning source code alone. We believe this approach will help drive growth in existing customers in 2023, upgrading many into higher JFOX subscription types that incorporate security solutions alongside core artifact management. Security budgets remain one of the most defensible areas of technology spend. as enterprises prioritize investing in end-to-end solutions to secure their growing digital attack surface. For example, in Q4, one of the Nordic region's most prominent banks turned to JFrog to incorporate security across their software supply chain. Looking for a multi-cloud-based solution to streamline their operation, they partnered with JFrog and Google Cloud via their marketplace to enhance the bank's security posture and displays legacy on-premise solutions. In another Q4 example, one of France's most recognizable luxury brands turned to JFrog for complete visibility and security across the software supply chain, saying they could now build once and run everywhere securely across multiple cloud providers. Looking to consolidate and standardize their DevSecOps tools long-term, this company is illustrative of what we are hearing from thousands of JFOC customers. They want to get control of their security tools and associate costs. We'll keep investing in JFOC security solutions as one of our R&D cores and look forward to more advancement and innovation in software supply chain security in 2023. We believe proven, powerful, holistic security solutions coupled with end-to-end binary management is antidote to modern software supply chain security threats. Now, I want to address our cloud business. Cloud, multi-cloud, and hybrid infrastructures continues to be the desired end state of many companies. Our enterprise customers tell us that cloud migrations are often a multi-year effort and that the hybrid capabilities of JFrog allow them to move over time at their own pace with limited disruption to the business. As such, we've been pleased throughout the year to see growth in the cloud business across all subscription types. A Fortune 100 pharmacy brand chose JFrog's software supply chain platform due to the immediate need to consolidate DevOps and DevSecOps solutions. JFrog replaced multiple existing on-premise and cloud offerings, including container registry tools from AWS and Google Cloud, to manage the full software supply chain on one platform. This $500,000 Enterprise Plus bill was driven by the need for universality, scalability, consolidation of tools, and JFOGS out-of-the-box integrations across the ecosystem. Recent CIO surveys validated by analysts and our customers tell us that while from short-term budgets, may be tightening annual investment in DevOps and security platforms in 2023, specifically in multi-cloud form, are expected to go over 2022. Next, I want to address the ongoing macroeconomic challenges. J4's overall win rate and customers' preservation remains robust, consistent with the historical trends, and we have been able to close substantial amounts of Enterprise Plus deals that show us the enterprise demand for JFOG solutions. However, the macroeconomic headwinds, such as elongated sales cycles and customers' pushouts, increased significantly in the fourth quarter, impacting the overall growth of our business. During the month of December, we witnessed a further slowdown in deal closing and increased customers' optimization efforts in cloud usage. As we close the quarter, we saw our customers exercise caution in this uncertain environment. This is evident in the number of deals that pushed from Q4 into 2023 and that now require C-level budget sign-offs. This impacted our growth and net retention rate in the fourth quarter. It is further evident that self-hosted customers who are considering migration to the cloud are expanding their on-prem system at a slower pace in favor of the cloud migration strategies that are pending further budget approvals. We would expect this pattern to continue in 2023 and have included them in our forward outlook. Despite these challenges, we see growing need for DevOps security and edge solutions across the software supply chain in 2023 and beyond. Continuing to believe JFrog Software Supply Chain Platform sets industry standards and delivers unmatched value to the market. As we step into 2023, we see opportunities to leverage investments we have made within our solutions in prior years. allowing us to expand our profitability while still delivering top-line goals as we will share in our guidance. JFOG was founded in a recession, has built a solid business across a decade, and we believe remains well-positioned and well-equipped to deliver in uncertain times. With that, I'll turn the call over to our CFO, Jacob Schulman, who will provide an in-depth recap of Q4 financial results and update you on our outlook for both Q1 and fiscal year 2023. Jacob?
spk10: Thank you, Shlomi, and good afternoon, everyone. During the fourth quarter, total revenues were $76.5 million, up 29% year over year. The full fiscal year 2022, revenues were $280 million, up 35% year over year. We ended the year with 7,200 customers, an increase of 8% over the 6,650 customers at the end of 2021. Expansion in our cloud business continued during the fourth quarter, with revenues of $22.6 million, up 53% year over year, representing 30% of total revenues. For fiscal year 2022, our cloud revenues equaled $80 million, up 60% year over year, and equaled 28% of total revenue. We are pleased with the growth in our cloud business during the quarter and fiscal year 2022. However, we have seen an expansion of headwinds from both customer optimization and macroeconomic impact relative to our expectations, which impacted fourth quarter results. In the fourth quarter, our cloud usage was impacted by higher than expected transition of our pay-as-you-go customers to minimum annual commitments. The transition to annual commitment is beneficial to our business, reduces volatility, and provides more visibility over the long term. However, in the short term, it negatively impacted our revenue growth in the quarter due to volume discounts based on commitment size. Self-managed revenues, or on-prem, were $54 million, up 21% year over year during the fourth quarter. For full year 2022, Self-managed revenues increased 28% compared to the prior year. Natural retention for the four trailing quarters was 128%, a decline of two points due to macro headwinds. Our gross retention continued to be at 97%. In Q4 of 2022, 43% of total revenue came from Enterprise Plus subscriptions, up from 35% in Q4 of 2021. Now, let me discuss the income statement in more detail. Gross profit in the quarter was $64 million, representing a gross margin of 83.7% compared to 84.8% in the year-ago period. The decrease in gross margin relative to the year-ago period is related to a higher portion of cloud revenues as a percentage of total. We expect gross margins will remain between 83 and 84% in the near future, and then trend toward the low 80s over the long term as cloud revenues become a greater portion of our total revenue. Operating expenses for the fourth quarter was $62.5 million, or 82% of revenues, up from $50.2 million, or 85% of revenues, in the year-ago period. Our operating expenses grew sequentially by around $3 million as we continued to build out our enterprise sales in general relationships for the long term. Non-GAAP operating profit in Q4 was $1.6 million for 2.1% operating margin compared to an operating profit of $50,000 or 0.1% operating margin in the year-ago period. We turn back to profitability this quarter as non-GAAP net income in the quarter was $4 million with earnings per share of 4 cents. based on approximately 106 million weighted average diluted shares outstanding, compared to a loss of one cent per share in the prior year quarter. Turning to the balance sheet and cash flow, we ended the year with $443 million in cash and short-term investments, up from $434 million as of September 30, 2022. Cash flow from operations was $7.3 million in the quarter. After taking into consideration CapEx, free cash flow was $6.4 million for 8% free cash flow margin. We remain committed to accelerating our free cash flow margin towards our long-term target of 30% over the coming years. As of December 31, 2022, our remaining performance obligations total $204.7 million. I'd now like to speak about our outlook for 2023 and guidance for the first quarter and full year. Our expectations for 2023 imply strong growth in our cloud business. But due to continued headwinds related to customer optimization efforts and ongoing macroeconomic impact, we see baseline growth levels moving toward the mid-40s, down from prior levels of mid-50s. We expect the trend of slow expansion within our self-hosted business to continue through 2023 as more new customers land and expand with our cloud solutions. We continue to see an increase in usage of our solutions by self-hosted customers, and therefore, during the upcoming fiscal year, we will implement the pricing change to better align the value we deliver. This pricing increase will contribute roughly $6 million to our forecasted 2023 revenue growth. In addition, we will soon be releasing a version of JFrog Advanced Security, supporting our self-hosted customers. We are happy to see strong customer engagement since launch with our cloud-based offering and see this introduction as an opportunity to be an additional driver of expansion within our self-hosted customers. Our outlook does not anticipate any increase in customer return, as we are not seeing a loss of business. We are seeing an elongation of customers' migration process to the cloud, which will impact our net retention levels in the short term. Our expansion in our cloud business continues to be a catalyst for longer-term growth. Given the dynamics of our self-hosted cloud businesses in 2023, we now expect our net dollar retention ratio to be in low 120s for fiscal year 2023. As committed, we return to profitability in 2022 and now see opportunities to expand further in 2023 and beyond as we begin to leverage investments we have made within R&D and sales and marketing over the past few years. Following prior cost optimization efforts we referenced in the second half of 2022, we will continue with our cost management efforts, shifting resources to high growth opportunities, and being disciplined about headcount growth. For Q1, we expect revenue to be between $78 and $79 million, with non-GAAP operating profit between $1.5 and $2.5 million, and non-GAAP earnings per diluted share of 3 to 5 cents. assuming a share count of approximately 107 million shares. For the full year of 2023, we anticipate a range between $340 million to $344 million. Non-GAAP operating income is expected to be between $17 million and $19 million, and non-GAAP earnings per diluted share of 18 cents to 20 cents, assuming a share count of approximately 110 million shares. Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Thank you, Jacob.
spk11: We believe we are well positioned to face macroeconomic headwinds as we have built a diversified customer base across multiple geographies and industry verticals. We believe our software supply chain platform is mission critical in the digital transformation of enterprise customers and our security capabilities complement our leading position in DevOps. As we are turning the page on 2022 and leaping into 2023, I'd like to take this opportunity and thank my team. Over 1,300 folks are working days and nights to make sure we are not only innovating, but also turning our customers into a digital transformation catalyst. We reimagine the future and navigate through the macro challenges in 2023. We're committed to working with the community, our customers, partners, and industry innovators to transform the software supply chain across our three cores, DevOps, security, and IoT. Thank you all for your attendance today, and may the frog be with you.
spk12: And now, we'll be happy to take your questions. Operator?
spk01: Thank you. If you would like to ask a question today, press star followed by the number one on your telephone keypad. We ask today that you limit yourself to one question and one follow-up. Thank you. Your first question comes from the line of Pendulum Bora with JP Morgan. Your line is now open. Hey, thank you so much for taking the questions.
spk04: Shalmi, maybe we can start with the advanced security side. Seems like you're seeing some initial good kind of traction there. Maybe help us understand kind of the attach rates to existing customers at this point. Is it fair to assume kind of it's more of an expansion motion than a land motion in general, what you're saying?
spk10: Pindalum, this is Jacob. Pindalum, if you could improve the quality of your line, please. It was really hard to hear the question.
spk04: Oh, sorry. Is this better?
spk10: Yes, much better.
spk04: Yeah, I wanted to ask about advanced security and the patch rates that you're seeing with existing customers and if you're seeing any lands or maybe it is not a land motion.
spk11: Yes, Benjamin, hi, this is Shlomi. I'll start and Jacob, feel free to chime in. So advanced security, as you know, was launched on October of last year. From the early beginning, we saw demand from our existing customers that require a platform solution that comes not only with artifactory and x-ray, but the full comprehensive advanced security capabilities. So we added some features that are aligned with the software supply chain security and make sense to the enterprise. Some of what we have heard from our customers, and as we reported, some already purchased, is that they need to consolidate solutions that are now spread between different point solutions. They need a solution that can run in the cloud and on-prem. This is our plan. And they need a solution that protects the software supply chain left to artifactory and right to artifactory. And this is where J4G Defense Security comes in.
spk10: Yeah, so Pingelum, the advanced security would be add-on and requires x-ray capability. That's why in terms of attach rate to the customers, about half of our customers have access to x-ray. So those would be the group of customers that can today purchase advanced security. This is just the first weeks of this product. We're happy to see first customers buying it, and we have great expectations from this product. It's just the first weeks of this product in the market.
spk04: Yep, understood. On the macro side, maybe help us understand the process. the pipeline that you're entering this year with at this point in time, and what have you seen so far in January? Is that more so what you've seen in December? Is it taking a step down? Just trying to understand the guidance and how much room is there. Is it de-risked or not?
spk10: Yeah, so we did see kind of macroeconomic headwinds accelerate a bit in the last few weeks of December. Specifically, we did see increased activity in cloud usage optimization. We do see that customers trying to meet their budgets, they don't have any more kind of room to exceed their initial budget allocations. We also saw some deals push out because it required additional approvals, which was not required previously. So those dynamics, we believe, we will continue to see in 2023, and that's what we took into account in our guidance for the full year and the first quarter.
spk04: Understood. I'll get back in the queue. Thanks.
spk01: Your next question comes from the line of Sanjit Singh with Morgan Stanley. Your line is now open.
spk05: Thank you for taking the questions. I want to follow up a little bit more on the outlook, Jacob. In terms of some of the dynamics you're seeing, well understood on the elongation of sales cycles, but I was wondering, thus far into early January, have you been able to close any of those pushed out deals? And in terms of the dynamics of customers moving from pay-as-you-go, monthly to annual, you had mentioned this dynamic you know, before, you know, earlier this fiscal year. So just the magnitude of the shift is just sort of more pronounced. And as you think about guidance for next year, where specifically are you embedding more conservatism just so they get a sense of how you arrive to your guidance for 2023?
spk10: Yes, so from the deals that were pushed out, some of them were closed in 2023. A lot of them haven't yet been closed because they require additional approvals and they're going through approvals. And as we see customers looking at their budgets and kind of at the end of the year, typically they're working on their budget plans. That was yet another reason for customers kind of waiting with their purchasing decisions before the budgets are finalized. Now, with regards to the pay-as-you-go to annual commitments transition, first of all, the portion of our pay-as-you-go customers as percent of our overall cloud business today represents much smaller portion. We entered the year with about a third of the cloud business being pay-as-you-go. We exited the year with pay-as-you-go to be about a quarter of the cloud business. So the transition to annual provides us better visibility, better forecasting capabilities. and helps us to create better even engagement with the customer because it's typically kind of longer-term engagements with customers with a roadmap. We expect that our pay-as-you-go to annual commitment transition will continue. We've seen that obviously, as you know, the optimization from customers is coming from two angles. One is storage optimization, another one data transfer optimization. Customers have more flexibility to do storage optimization than data transfer optimization, and we believe many of them have already done that. But we still try to be cautious in terms of, you know, we just, the level of this optimization effort increased in the last few weeks of the quarter, and we're trying to be conservative in how we approach the full guidance for the year.
spk05: Understood. Shlomi, I guess a question for you. You have Microsoft announcing things like Copilot for GitHub, which at least has the potential to rapidly accelerate the development and production of code. And I imagine, like, you know, the Microsoft sort of competitors, Google, Amazon, maybe others, will respond in some sort of fashion. And so when we think of this sort of AI movement on the sort of left-hand side of the software release cycle, how do you think this impacts if this trend were to continue in adoption of things like GitHub Copilot? you know, accelerates meaningfully. What do you think the impact is on, you know, the software release cycle sort of overall, how it impacts JFrog as a DevOps platform within that software release cycle, and maybe even Artifactory, if you could sort of peel the onion for us in terms of how the market may be evolving with respect to some of these new AI-based technologies?
spk11: Yeah, thank you, Sanjit, for the question. Obviously, AI embedded into source code management is something that is led by GitHub, and I think that they did a good job with the co-pilot. However, this is for source code management. Most of what you do once you worked on your source code, you start to automate everything, and this is the power of binaries. And when you automate, AI is required. The automation and artificial intelligence is required in order to do a better management of binaries, a better management of binaries distribution, and a better management of binary security. Some of these capabilities are already included in how we build our next generation distribution, next generation security. Some of the capabilities that we released in JFrog Advanced Security are replacing point solution legacy security solution with tools that are far more automated. The power that we have with Artifactory is that it's easy to automate binaries and it's almost, I don't want to say impossible, but challenging to automate source code. Binaries are machine language, so I think that you will see more and more AI embedded into JFOG Security, and to your question, it will go perfectly with the AI embedded into source code management.
spk02: Understood. Thank you, Shelby.
spk01: Your next question comes from the line of Kingsley Crane with Canaccord Genuity. Your line is now open.
spk06: Hi. Thanks for taking the question. So I believe you're guiding fiscal 23 revenue growing around 22%, and then Q1 growing around 23%, and then exiting Q4 around 128% NRR. So just kind of curious, I know you said a little bit lower, but what NRR would be underlying the guidance for next year?
spk10: So we ended the year with 128% net dollar retention, and we expect it gradually converge toward 120 over the course of the year.
spk06: Okay, thank you. And then just want to touch also on the pricing changes. So it sounds like it could provide a $6 million tailwind. Just any more color on the set of customers, this would affect, and then the nature of of this change?
spk10: So it's only impacting our self-hosted customers. As you know, our cloud monetization model is based on usage. Our self-hosted business monetization is based on number of servers. We do see that our customers utilize our solutions more and more on the self-hosted side. but it does not necessarily relate or impact in the server purchases. And therefore, we decided to make this price change in order to better align the value that our customers are getting with the price that they pay. It's a small percent, 3% to 5% increase across all subscription types on self-hosted solutions.
spk06: OK, really helpful, Jacob. Thank you. All back in here.
spk01: Your next question comes from the line of Koji Ikeda with Bank of America. Your line is now open.
spk15: Hey, Jacob. Hey, Shlomi. Hey, guys. Thanks for taking the questions. I wanted to follow up on that net revenue retention color there, and I wanted to kind of frame it more on the upside in perspective. You know, what needs to happen maybe from a demand environment or, you know, the customers out there or the way that they're consuming the product that could drive net revenue retention, you know, higher from the low 120s, maybe back up to historical levels?
spk10: Yes. So, Kozhi, as you know, our expansion of our customers in the cloud environment is higher than the corporate net low retention. So, if we see that the trends of customer migration accelerate or the trend of customer usage optimization in cloud decelerate, that's what could create potential upside on the cloud usage. Also, the adoption of our security solution for on-prem customers. Again, as we noted in prepared remarks, we see we're very happy with the engagement with our customers on the cloud side with advanced security capabilities. we expect to launch that for on-prem. So the adoption of these capabilities by on-prem customers will also create certain upside to our expectation. We haven't launched yet advanced security for on-prem. That's why it's too soon for us to tell, and that's why that potential could create an upside.
spk11: Koji, and if I may add, I think that what we see is that the cloud goal is still performing very high. You could see it in the results. What we've seen in the last few weeks of 2022 was that on-prem customers that were in the process of migrating to the cloud and improving obviously our net dollar retention are currently on hold pending for budget approvals. And this is part of the pipeline that was pushed. But on the same hand, they are not investing more in on-prem. So it's kind of an in-between period for on-prem customers that already expressed their motivation to move to the cloud, already completed a successful proof of concept of this workload migration, but still waiting to get their final approval for budget of moving to the cloud. And that's obviously on a bigger volume in our install base, the on-prem current customers.
spk15: Got it. No, thank you for that. And just one follow-up here, if I may, a question on kind of the new business assumptions, you know, thinking about the net revenue retention and the guide. I mean, it does imply not a lot of new business. So how should we be thinking about new business as a contribution to growth in 2023?
spk11: So we are looking at the new business and we are adding capabilities, not only capabilities, but also more deployment environment, cloud and on-prem. Obviously, the majority of new customers are coming through the cloud and we are very happy about that. That's a cloud-first strategy that we set a few years ago and now . Well, listen, JFrog provides a solution to the enterprise and small-medium companies that already have a mature development environment. If you are a startup with few developers, it's not necessarily bring the value. that you need at scale. So we are very pleased with the hundreds of new customers and new logos that we added, and we are also very pleased with those that joined us in previous years and now upgraded to the platform. So what we see coming next is more customers new customers joining us as they scale, joining us as they move to the cloud, and joining us as they need more security capabilities under one platform.
spk15: Thanks, guys. Thank you so much for taking the questions.
spk01: Your next question comes from the line of Jonathan Rucaver with Kantor. Your line is now open.
spk03: Yeah, hey, guys. So the profitability for fiscal 23, much higher than expected. So that's nice to see. But given the headwinds that you see, the macro-related headwinds to top line, are you sacrificing maybe too much on the growth side? I guess what I'm asking is what is your confidence in achieving top line growth just given the lower OPEX spend? and maybe something more that's occurring to the business beyond just macro. I don't know if competition is changing or if you see different approaches or maybe repository management or distribution that might be impacting the opportunity. It just seems like with the bullishness you've articulated around expansion of Artifactory, advanced security distribution, that that number would be going as low as you talked to?
spk10: Yes. So we invested in the various areas over the course of last few years, and we have started seeing first fruits from our investments in security capabilities. Artifactors obviously is a de facto standard in the industry and continue to be very strong brand. We also built significant infrastructure around our go to market and R&D capabilities. So we believe that the current level of investment is sufficient for us to achieve this revenue targets that we expect. And that's why we can increase our bottom line as well, because we feel comfortable in the level of investments that we've done.
spk11: John, and if I may add, well, you know JFOG, you follow JFOG. Profitability was part of our plan before the recession, and we are very happy. I'm very pleased to see that we are not just committed to this KPI, but also exceeded in performing there. And we will keep on doing that. But your question is very important because you're asking if this is for profitability, are we sacrificing something? And the answer is no. We actually invested in three main domains. A, cloud, B, platform, and C, security. This is what we have done for the past year. And now I think that the company is set to kind of go after the fruits of these investments that are also very much aligned with the market demand and what we hear from the market. So we will take the profitability challenge alongside going after the fruits of our investment in 2023. Okay. That's helpful. Thank you.
spk03: And then the following question I have. and I would think that this would be a positive, but just the trends you might be seeing around artifact size, container usage, infrastructure as a code. How do those trends potentially impact demand trends for artifactory?
spk11: Yeah, artifactory, as Jacob mentioned, artifactory is the standard maker in the binary and artifact management in the world. And we are very happy to see it growing and especially when new customers and large enterprise are adopting this methodology, it's kind of showing us that what we invested in is really the center of gravity for software supply chain management. When you build on top of the database of DevOps, Artifactory, and Artifactory became the single source of record for all companies, then the capabilities that you're adding as part of the platform are just completing the customer's ability to control the full software supply chain left and right to Artifactory. So we still think that the primary asset in software supply chain management is artifacts, and we're also seeing it from the customer's demand, and we're also seeing it from other companies that are trying to develop the same capabilities.
spk02: Okay. That's all I have. Thank you.
spk01: Your next question comes from the line of Mike Sykos with Needham. Your line is now open.
spk07: Hey, guys. You have Mike Sikos here, and thanks for taking the questions and getting me on. I wanted to cycle back to some of the earlier questions that are trying to get at what level of conservatism is baked into the guidance or how much has it been de-risked. And really where I'm going with this is focused a lot, I think, Jacob, in your prepared remarks, had said that SAS growth in calendar 23 is expected to be mid-40s as we look out over the course of the next year. And I'm trying to just get a better feel or a sense, but can you help us think about what went into your assumptions to arrive at that mid-40s, especially as we look at the comps that you guys were up against, given the strong growth rates you guys delivered in calendar 22? But anything on that south growth in 23 would really be beneficial from my understanding.
spk10: Yeah, so the following assumptions we looked at when we came to this conclusion. A is the number of customers today and the overall business today on minimum annual commitments versus pay as you go. Two, we looked at the pipeline for migrations from on-prem to cloud. And we assume some delays, as we know that we did experience some delays in the conversions in the late part of Q4. And we assume that the delays, we will continue to see some delays in 2023. So we applied some conservatism on the pipeline for conversion. And we also did not embed the significant upside usage on top of minimum commitment. So we do expect that customers will continue to optimize their cloud usage and therefore the minimal potential upside above their annual commitments.
spk07: That's great. I really do appreciate you walking me through that. And then another question for you, I guess the follow-up here. I forget if it was Koji, but one of my colleagues had asked about what's expected for the calendar 23 contribution from new customers. I think my question is a little bit different and probably more with respect to the existing customers here. But if I look at the total customer count, I know that we only get that on an annual basis, but in calendar 22, it grew 8% year to year versus growing annually. 10% in calendar 21, but calendar 21 would have been 13% if I strip out the customers that churned because you guys sunset a couple of products. And so the question that I have is, if the customer base is growing at a slower rate, how is that impacting your forecasting here when you're thinking about the ability to continue to grow that existing customers? If those customers aren't growing at At a rapid a clip as they had been in previous years.
spk11: Yeah, Mike, I'll take this question and thank you. Well, 1st of all, you know, in the past 3 years, we added 2000 new logos to to J portfolio. We are also happy with the fact that our Cloud First strategy navigate more and more new customers to join JFrog in the Cloud First and not migrating later. And the third thing, we are adding capabilities and we see a growing ASP from the landing point. So our entry-level price is higher. There are more adoption of new capabilities. And still, when you add hundreds of customers a year and thousands since we start building the platform with you guys watching it, I see the growth as we expected. And please remember, as I answered to Koji, these are mature companies that need a serious software supply chain coverage. meaning that they are ready to scale and they are not in the proof of concept of adopting a software supply chain solution. So we build for scalability and we build a comprehensive solution that comes as one platform to enable that. This is one of the reasons that we also see a higher ASP on the landing point.
spk02: Terrific. Thank you, guys.
spk01: Your next question comes from the line of Atai Kidron with Oppenheimer. Your line is now open.
spk09: Thanks, guys. A couple of things for me. Shlomi on the macro front and the elongation of the cell cycles. A couple of things on that. First of all, was January worse than December? The same, if you can talk about that. And then second, related to that, is there any more color you can give us on regions, North America, Europe, Asia, or type of customer, enterprise, commercial?
spk11: Yes, thank you, Itay. So it's too early for me to speak about January, but I can tell you that what we've seen in December and specifically in the last weeks of the previous quarter is kind of a pattern that we keep on seeing, and this is why we took it into consideration when we proactively set our outlook. We see that difference between geographies, not just because of the geopolitical situation in Europe, but some differences between geographies in how they adopt software supply chain and how they adopt cloud. So obviously North America is leading with cloud migration, with the big legacy industry vectors start to move to the public cloud. We see EMEA following, but in a slower pace, and APAC is really at the beginning of adopting platform solution. They are still at the basics of DevOps. The second thing that we see is that security, especially in North America, and more specifically software supply chain security, after the White House launched a bid saying that this is part of the regulation, is part of every CIO agenda for 2023. And this is why we were very focused on having JFOG Advanced Security for 2023 and not later this year. So I assume that we will keep seeing this trend, elongated process, more C-level sign-offs. We will see this. But alongside that, in North America, cloud goals will still happen, and security will still be top in line of the CIO and the CISOs list.
spk09: Okay. And then maybe following up on security and advanced security more specifically, Can you clarify the pricing changes related to advanced security? I mean, you had X-Ray before, so the introduction of advanced security did what to pricing? How did that affect your pricing scheme and how customers buy it?
spk11: Yes, so X-Ray, as you remember, X-Ray is a tool that protects Artifactory. You have Artifactory as your single source of truth, and then X-Ray sits on top of it to make sure that your binary repository is protected. What we have done with JPEG Advanced Security is we added capabilities that protect you from left and right to artifactory. Left means how you protect your static code analysis, how you protect your source code, how you protect your development environment. Right means how you protect your runtime environment, container security, secret detection, and contextual analysis. So basically, JFrog Advanced Security is a price on top of the current subscription. that focuses on security for the full software supply chain. X-Ray is part of the current subscription, which protects your artifactory. Now, speaking of left and right to artifactory, we are looking at power spend of over a billion dollars left to artifactory developer security and around four billion dollars on the right to artifactory, which is more on time and production environment. So we are very excited about what JFrog Advanced Security can bring in addition to our business.
spk09: Okay, so just to clarify there, Shlomi, I think you mentioned that the preparer mark, so Jacob did, I don't remember, that about 40% of customers already have advanced security. So within a quarter to already almost half of your customers are paying extra for this, or it just seems such a rapid adoption of an incremental paid solution, yet your numbers didn't move in the material kind of a way to suggest that it has a meaningful impact. Help me reconcile the two.
spk11: Yeah, I think that what we said is that 40% of our customers already have x-ray. This is not advanced security. Got it. Advanced security is on top of that and requires an upgrade to a more superior subscription.
spk09: Got it. And what percent of your customers have that?
spk11: We are just in the very early beginnings. We launched JPEG advanced security a few weeks ago. And in the next few weeks, we are going to introduce JFrog Advanced Security for on-prem customers. So we are in the very early beginning. And we hope to see that all the X-ray users will also upgrade to use JFrog Advanced Security.
spk09: I appreciate it. Thank you so much.
spk01: Your next question comes from the line of Michael Turitz with KeyBank. Your line is now open. Hey, guys.
spk13: Thanks. Hey, guys. So macro question first. So some of these trends in cloud optimization and slower migrations were already taking place last quarter. You can see that in the hyperscaler numbers and other places. But you and other people in what's called cloud native development had strong quarters in third quarter and didn't seem to be seeing that impact. So what's changed? Is it just that it's one quarter further into that optimization, or are we actually seeing more new software development projects may be canceled, slowed down, or less developers hired. Is that the change from last quarter to this quarter?
spk10: Yeah, what we're seeing is more pronounced optimization of the cloud usage and also somewhat delays in the customer migration to cloud where some customers put on hold day migration spending additional approvals from sea level while they stopped already investing into expansion of their own self-hosted solutions.
spk13: Right. Yeah, that's helpful to explain that. What I'm trying to get at is whether or not new development projects are slowing in a meaningful way and if that's changed from last quarter.
spk11: Yeah, I'll say that we, Michael, if you run an on-prem environment and you already have the strategic approval to move to the public cloud, what we see now is that you're holding, and that's a very big chunk of the migration process pipeline that we have. The second thing was uh that cloud especially at the end of uh of the last quarter what we've seen is that maybe it's because of the iran maybe because of budget reasons reasons but we've seen our cloud users go and optimize their cloud usage both in storage and data transfer and the last thing is that there are some hybrid users that are now deploying less funds in the on-prem and not yet deploying more funds in the cloud. We had more conversations with C-levels than ever before that are waiting for final budget approval. So the main change that we've seen between the end of last quarter to today is around that.
spk13: Okay. I'll just keep it at that one since we're at the top of the hour. Thanks.
spk01: Your next question comes from the line of Rob Owens with Piper Sandler. Your line is now open.
spk14: Thanks for taking my question. This is Ethan on for Rob. I just wanted to kind of ask a little bit more around the IoT opportunity. I know there's some mention of that in the prepared remarks, and kind of where the market's at with that right now. Are you seeing customers coming to you actively seeking this out, or are you still kind of in an education part of the cycle right now where you're helping customers understand that you have this capability and that you're able to provide them with this type of automated release deployment with software? Thank you.
spk11: Yeah, thank you, Rob, for this question. As you remember, in Q3 we reported one big project that already adopted J4 Connect, the IoT over the air update mechanism. We now have in pipe a few other projects coming from very big customers that want to extend the artifactory and security usage all the way to the connected devices. We are excited about that, that part of the solution that we wanted to see an end-to-end all the way to the device, and it's still happening.
spk02: Thank you. That's it for me.
spk01: There are no further questions at this time. I turn the call back to Shlomi for closing remarks.
spk11: I'd like to thank you all for your attendance today and looking forward to staying in touch. Thank you, everyone.
Disclaimer