JFrog Ltd.

Q1 2023 Earnings Conference Call

5/3/2023

spk01: Ladies and gentlemen, thank you for joining us, and welcome to JFrog's first quarter 2023 earnings conference call. I'll hand the conference over today to Jeff Schreiner, VP of Investor Relations. Jeff, please go ahead.
spk14: Good afternoon, and thank you for joining us as we review JFrog's first quarter 2023 financial results, which were announced following market close today via press release. Leading the call today will be JFrog's CEO and co-founder, Shlomi Benhaim, and Jacob Shulman, JFrog CFO. During this call, we may make statements related to our business that are forward-looking under federal security laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance, including our outlook for Q2 and the full year of 2023. The words anticipate, believe, continue, estimate, expect, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information was made available in our Form 10-Q for the quarter ended March 31, 2023, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFROG's performance, should be considered in addition to, not as a substitute for, or in isolation from, GAAP measures. Please refer to the tables in our earnings release for reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFROG Investor Relations website for a limited time. With that, I'd like to turn the call over to JFROG CEO, Shlomi Van Hai. Shlomi? Thank you, Jeff. Good afternoon to you all, and thank you for joining the call.
spk13: I'm pleased to report that JFROG's first quarter of 2023 Revenue exceeded our prior guidance range, driven by increased cloud usage by our customers and continued adoption of the mission-critical JPEG platform, even in challenging economic environments. Our 2023 first quarter revenue was $79.8 million, reflecting 25% year-over-year growth. Our cloud usage accelerated in the quarter, delivering revenue of $25 million, increasing 49% year-over-year. Customers with ARR over $100,000 grew to 785 compared to 599 in the year-ago period, increasing 31% year-over-year. Customers with ARR over $1 million increased to 21 versus 16 in the first quarter of 2022, up 31% compared to the year-ago period. Our first quarter results demonstrate strong execution in tough macroeconomic environments highlighting the resiliency of our DevOps, cloud, and security initiatives powered by the JFrog platform. I want to address what specifically made Q1 a strong quarter for JFrog. First, while we continue to operate in challenging environments, our customers have pushed forward, expanding their infrastructure with JFrog as a mission-critical piece of the software supply chain management toolset. While some companies may be delaying or re-scoping projects, we are seeing they ultimately need to move forward with high-value initiatives based on solutions like J4. As a result, in Q1, we did see some deals that had been pushed out from Q4 of 2022 reach the closing stage this quarter. As an example, our strategic sales team was proud to migrate our customer weeks to J4 cloud services based on their strategic DevOps workload migration initiative. Wix is a world leader in the cloud-based web development platform domain, providing powerful services and a vast collection of templates to millions of customers worldwide, simplifying website building for individuals and companies. In order to update their application with speed, security, and reliability, Wix realized their on-premise infrastructure would not allow for the agility and scalability they required, leading them to embrace cloud services for their DevOps pipeline. In partnership with the JFOPS strategic customer team, Wix defines the software supply chain end-to-end from cost of production at scale, saying, quote, every month we are transferring massive amounts of data between our development team, production environment, and our customers. J4 Cloud Services is a high-scale, resilient, mission-critical component of our production system, managing container images and software packages of different technologies in multiple regions with full redundancy and full tolerance for our customer-facing applications, end quote. That is Adam Spector, the VP of Engineering of Wix. He also noted, quote, Migrating our DevOps workflow to JFrog's multi-region, highly available software supply chain platform with artifactory at the center allows our team to better support Wix's growth by providing reliable and innovative services, end quote. GateFox stands out in the DevOps and DevSecOps market by offering a hybrid and multi-cloud solution, which allows our customers to fully manage and secure their binaries across their software supply chain while migrating to the cloud at their own pace. We anticipate partnering with more companies like Wix to power strategic development initiatives at the world's most demanding enterprises. Second, I'm pleased to say Q1 showed early indicators of growth in our partners' ecosystem and ongoing efforts to expand our co-sale and channel partner motion. For example, a large partner in Japan built in a Q-Win for J-PAL, one of the most recognizable insurance brands in Asia via our reseller channel. In another example, a top federal partner was able to secure a net new project leading to an enterprise-plus full platform subscription deal in support of a United States federal agency. We continue to believe the global partner motion, in addition to our robust strategic sales and direct sales motion, will expand in 2023. Third, in Q1, despite customers taking steps to be more efficient in their cloud consumption, we saw acceleration of cloud usage in both pay-as-you-go and annual SaaS customers. As businesses continue to streamline, they rightfully look for ways to be more efficient. With that in mind, J4C continues to solidify its position within companies, enabling efficiency, accelerating speed of development, and delivering secure software releases that provide competitive advantage. We're confident J4C will continue to grow its cloud business in 2023, mainly due to increased usage and ongoing migration from self-managed subscriptions toward hybrid or multi-cloud environments. Now, allow me to expand on some broader themes that we anticipate will continue to fuel JFrog in 2023 and beyond. Let me begin with cloud and hybrid. Our customers tell us and we observe it in the community, that cloud migration and strategic hybrid topology adoption remain a top priority for most enterprises. We believe JFrog is uniquely positioned to support enterprises as they migrate at their own pace, handling both on-prem and cloud simultaneously. Many of these initiatives are multi-quarter or multi-year efforts, and we're proud to help new and existing customers drive success in these areas. This was a common theme our top customers highlighted at our Leap event, an intimate gathering of some of J-PROG's influential customers that included representatives from many of the world's most recognizable enterprises. As part of customers' cloud migration journeys, they were excited to hear that our advanced security solution would be available in a hybrid model to support both emerging and historic workloads. Our holistic security capabilities differentiate us from other ventures, and we're proud to be strategic partners as our customers migrate and manage DevOps and DevSecOps across their journeys. To illustrate this from a business perspective, we recently welcomed a leading payments and financial services provider to the JFrog Software Supply Chain platform. This company had previously relied on Sonotap Nexus to manage their DevOps processes on-prem, but was looking for a more scalable, multi-region capable, and hybrid solution. We're excited to support them in their journey as they advance their cloud-first and customers' app-driven services for more than 30 million customers. Next, I would like to highlight DevOps and security tooling consolidation. As more tasks and responsibilities are shifted left to developers and DevSecOps teams, there is increasing difficulty in managing multiple point solutions for each task. This is especially evident in security tuning, where point solutions can force developers to use handfuls of tools and try to make sense of data, action, and reporting leading to long, incomplete remediation cycles, which can ultimately leave companies vulnerable. We believe we have a great opportunity to displace and consolidate functionality of multiple tool sets and even entire security companies. Any customers look at their DevSecOps tooling portfolio and see Nexus Firewall, Synopsys Blackjack, Snyk, Checkmark, Acrosex, just to name a few, as point solutions for many capabilities. This can include open-source software, curation and scanning, code scanning, container security, environment protection, and more. We understand this fall is not sustainable for developers or the business. By addressing multiple areas of security in one platform, we believe JPOG's holistic DevSecOps tooling is well-positioned to address customers' needs across the software supply chain. As additional value, We combined with the power of the J-PROC platform with Artifactory as a single source of record for DevOps. Our customers can control and secure their entire pipeline from developers to device. Therefore, the J-PROC security approach is to provide a comprehensive platform-driven solution that we're confident will bear fruit as the software supply chain security market matures. We see early indicator of this in Q1. For example, with our J-PROG platform customer, Interven Biosensors, a life science company firing glycoproteomics that aims to make the new era personalized, predictive, and preventative care a reality. After initially choosing J-PROG Artifactory for end-to-end binary lifecycle management, companies like Intervent are positioned to standardize many security capabilities with the JFOG platform, while point solution in the market increasingly becoming redundant to JFOG security capabilities. In addition to commercial adoption of our security tools, we were excited that the recent RSA Security Conference could be recognized by the Global InfoTech Award as the most comprehensive DevSecOps solution. We look forward to building on our commercial success and industry recognition as we continue to listen to our customers' needs across our security portfolio. Third, I would like to focus on the ever-increasing need for both speed and trust in the software release cycle. At our LEAP conference, some of our leading customers were very clear. They have a need for speed but cannot sacrifice security and reliability across the global infrastructure. We were excited to welcome presentations by not just one of the top automotive companies in the world and one of the top IT firms in the world, but also one of the top global gaming development companies with hundreds of millions of players across the last decade. We were proud to see how the rapid release cycle was powered by the JPEG platform providing them with a global scale, highly available, fully federated architecture, keeping the developers productive, and delivering software with trust. Next, I want to highlight an important executive staff update. J-PROG made a strategic hire in March, proudly welcoming our new CIO, Aran Azarza. Aran has over two decades of experience in IT and cybersecurity, developing global systems and implementing leading security strategies. Under his leadership, we look forward to accelerating and scaling our corporate infrastructure, allowing us to serve customers even more efficiently while impacting the bottom line. Well, come on. In closing, I'd like to reflect on JPROC's commitment to profitable long-term growth and cash flow generation. While creating value for both our customers and shareholders, as we focus on execution across the business. Driven by the strength and adoption of the JPEG platform and our expectations for future contributions from the platform security core, we believe our operating model can achieve a five-year revenue CAGR of 22 to 24% through fiscal year 2027, which would apply a potential revenue range of $775 to $825 million. while delivering free cash flow in the range of $200 to $240 million, implying estimated margin of 26 to 29%. With that, I'll turn the call over to our CFO, Jacob Schulman, who will provide an in-depth recap of Q1 financial results, update you on our guidance for Q2 and for fiscal year 2023, as well as provide more details on the assumptions within our long-term model. Jacob. Thank you, Shlomi, and good afternoon, everyone. During the first quarter, total revenues were $79.8 million, up 25% year over year. Our stronger-than-expected revenues in the quarter were driven by ongoing customer adoption of the J4 platform and higher-than-expected contributions from our cloud business. In the first quarter, our cloud business saw a sequential improvement in usage delivering revenue of $25 million, up 49% year-over-year. While the improvement in usage helped drive high quarterly revenues, we don't believe the overall industry trend related to optimization is completely in the rearview mirror. We remain cautiously optimistic that the first wave of customer optimization is likely behind us and anticipate our customers will grow with JFrog in a more efficient manner going forward. We view the recent increase in usage by our customers as a positive signal that the need to generate software continues to be a secular trend and see the customer optimization efforts as short-term adjustments driven by macroeconomic challenges, not a shift in how infrastructure software is utilized. We still anticipate our baseline growth rate within our cloud business will remain in the mid-40s during fiscal year 2023, with any potential upside generated by increased customer usage. Self-managed revenues on-prem were $54.8 million, up 17% year-over-year during the first quarter. Overall expansion within self-coasted has slowed relative to prior year results, given the shift by large customers towards hybrid deployments, which have favored expansion into the cloud. We believe the announced release of JFrog advanced security for self-hosted, which occurred during the first quarter, can be a catalyst for revenue growth and customer expansion. Net dollar retention for the four trailing quarters was 124%, a decline of four points due to the micro-headlines. Our growth retention continues to be 97%, with no change in overall customer return trends. In Q1, 44% of total revenue came from Enterprise Plus subscriptions, up from 35% in Q1 of 2022. Now, let me discuss our income statement in more detail. Gross profit in the quarter was $66.2 million, representing a gross margin of roughly 83% compared to 84% in the year-ago period. Higher mix of outlawed business impacted gross margins on a year-over-year basis. Aggregating expenses for the first quarter was $63.5 million, up only $1 million sequentially, equaling 80% of revenues, compared with $53.2 million, or 84% of revenues, in the year-ago period. Our year-over-year growth in operating expenses reflects ongoing investments in our go-to-market motion, security, and strategic sales team. Non-GAAP operating profit in Q1 was $2.7 million, or a 3.4% operating margin, compared to an operating profit of $543,000 or 0.9% operating margin in the prior year. We delivered another quarter of positive net income equaling $5.9 million or 6 cents per diluted chair based on 107 million diluted chairs outstanding versus a year ago income of $158,000 or 0 cents per diluted chair. Turning to the balance sheet and cash flow, we ended the March quarter with $447 million in cash and short-term investments, up from $443 million as of December 31, 2022. Cash flow from operations was negative $1.1 million in the quarter. After taking into consideration topics, free cash flow was negative $1.4 million, or negative 2% free cash flow margins. Our operating cash flow and free cash flow margins were negatively impacted during the quarter due to the timing of billings and repayments for license renewals. This does not change our expectations for low double-digit free cash flow margins in fiscal 2023. As of March 31, 2023, our remaining performance obligations totaled $210.6 million. Before providing our guidance, I would like to discuss in more detail the underlying assumptions in our long-term target model. Our estimated five-year revenue CAGR of 22% to 24% through fiscal year 2027 assumes the current macroeconomic condition would persist for several quarters and implies our cloud business will remain the primary driver of growth. We believe on an annual basis, contribution to cloud growth will likely be driven primarily by customer expansion of subscription tiers and use cases, our new advanced security add-on, and to a lesser extent, cloud migrations. Our assumption for our self-hosted business implies growth driven primarily by expansion of use cases and adoption of our end-to-end platform, including the security core. Given higher expected mix of our SaaS revenues, we would anticipate our gross margin to trend lower toward the range of 80%. In line with our prior targets, as a percentage of revenues, we anticipate spending on a non-GAAP R&D would be a range of 20% to 22%. Investment in sales and marketing on a non-GAAP basis should move from 38% in fiscal year 2022 to a range of 26% to 28% by 2027. overall spending on the non-GAAP G&A to trend toward the range of 8% to 10% by 2027, down from the 14.6% reported in fiscal year 2022. Based upon our forecast for revenue, gross margin, and non-GAAP operating expense, we would anticipate a range of non-GAAP operating income of 21% to 23% compared to the half percent margin reported in fiscal year 2022. Assuming an additional 5% to 6% for delta between non-GAAP operating income and free cash flow implies a potential fiscal year 2027 free cash flow margin range of 26% to 29%. This would suggest, on a dollar basis, free cash flow greater than $200 million by 2027. We believe this long-term target model reaffirms JFRO's commitment to profitable growth. something embedded in the company's DNA for years. We see the adoption of the JFrog platform and the addition of its recent security core as critical infrastructure software solutions, allowing our customers to manage, secure, and distribute binaries across their software supply chain. Finally, I'd like to speak about our guidance for the second quarter and full year 2023. Our full year 2023 expectations continue to estimate strong growth in our cloud business. We reiterate our belief that our trailing 12-month net dollar retention ratio will be in the low 120s for the fiscal year 2023. We forecast continued expansion in our operating and free cash flow margins through fiscal year 2023, given our continued focus on profitable growth. For Q2, we expect revenue to be between $82.5 million to $83.5 million, with non-dub operating profits between $3 to $4 million, and non-GAAP earnings per diluted share of 4 to 5 cents, assuming a share count of approximately 108 million shares. For the full year of 2023, we anticipate a revenue range between $341.5 million and $345.5 million. Non-GAAP operating income is expected to be between $19 million and $20 million, and non-GAAP earnings per diluted share of 19 cents to 21 cents, assuming a share count of approximately 110 million shares. Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Shlomi? Thank you, Jacob. We are excited to see that our customer base across multiple vertical geographies and implementation types continues to see J-PROG as mission critical. As we leap ahead in 2023, I want to thank the JFrog team for delivering on a quarter that exceeded the goals we set. The Frogs passionately work to support our customers and drive success in a complex market across DevOps, security, and IoT. Thank you all for your attendance, and may the Frog be with you. And now, we'll be happy to take your questions. Operator?
spk01: At this time, if you would like to ask a question, please press star, then the number one on your telephone keypad. If you would like to withdraw your question, press star one again. Your first question comes from the line of Sanjit Singh with Morgan Stanley.
spk11: Thank you. Congrats to the team on a solid start to the year. I wanted to start a little bit with the demand trends that you saw throughout the quarter. You guys, you know, service tech companies, but also large enterprise companies, as well as banks. And coming off some of the headlines around Silicon Valley Bank, what were some of the demand trends from a booking perspective in the back half of March and then the early reads on April and May?
spk13: Hi, Sanjay, and thank you for the question. This is Shlomi. So regarding the demand that we've seen in the first quarter, it was actually, as described, split into three things that we have seen. First, our strategic team going direct after some pipeline that was pushed out from 2022 and fulfilled it. Second, by partners that promoted the J4C platform, and our partner team worked closely with them, both for new opportunities and existing customers' expansion. And third, obviously, the cloud. which was the main change between the last quarter of the previous year and this first quarter of this year, cloud consumption looks like coming back, especially because of the fact that JFrog provides an infrastructure cloud service. So optimization goes to a limit, as you understand, and we started to see the numbers climbing back. If I may add to that, with regards to the cloud consumption, the quarter started very similar to the Q4 trend and then accelerated as we progressed through the quarter.
spk11: Understood. Yeah, that's very helpful context. And then I guess a question on the long-term model. I guess I was a little surprised to see you introduce those five-year targets. If I look at the revenue growth today, we're growing sort of the low to mid-20s, and I The five-year view basically says that growth will sustain, I know, 22% to 24%. So can you talk about what gives you the confidence to, in this highly uncertain environment, to have the confidence to go out there with a five-year view on growth and on free cash flow margins? And if you could give us any sort of context. I think Jacob walked us through some of the assumptions, but is it going to be a function of additional products? Is it going to be a function of security becoming a larger part of the business? Are you going into other marketing segments to sort of unpack the growth equation for us?
spk13: So, yes, we base the models basically on two vectors that we believe we will see additional sustainable growth in the next five years. One of them is the cloud business, our cloud services. As you know, We projected and guided that this will go at the mid 40 and we see this trend still coming in and the portion of revenue that comes from the cloud versus the on-prem is still goes as we project. So we think that it will have further contribution in the next five years. Second, we invested a lot in security. We released this quarter the self-hosted version of JPEG Advanced Security In the last quarter of 2022, we released the cloud version of it. We believe that security will play a significant role and will bring material revenue impact in the next five years.
spk11: I appreciate the context, Sami. Thank you.
spk01: Your next question comes from the line of Pinjala and Laura with JP Morgan.
spk02: Hey guys, this is Noah on Flipangela. Thanks for taking our questions. First, what has been the impact, if any, from the advanced security skew for self-managed data that launched in March? And just also have a quick follow-up.
spk13: Yes, the self-hosted version of advanced security was just launched in early March. and it did not have any material impact on the quarterly results we're happy to see the customer engagement uh we have first customers in production but it's uh for the quarter itself it wasn't material got it and then i guess you know you know what would be the rationale behind introducing um number of developers as a pricing lever for advanced security
spk02: And also, it seems like the price for the Enterprise X for cloud came down dramatically. What was driving that decision?
spk13: Yes, so advanced security is a new product for us. And there are several goals we wanted to achieve by introducing this metric. First of all, it should be a seamless metric between SaaS and self-hosted. Second, it should be comparable to the competition into the market. So when, as we said, we have a lot of expectation that this solution will replace and help to consolidate other solutions, other point solutions in the market. So to help our customers to compare the business value also with the technical value, that also the decision was to go by seed. Lastly, we see a lot of opportunities as this product will continue to expand and our customers will continue to consolidate on this product going forward. I would add to it the fact that, first of all, as Jacob mentioned, the market is used with the security solution around DevSecOps to a BISIC model. This is one aspect, but we also have to remember that this is coming, our security solution, JFOG Advanced Security Solution, comes on top of the current subscription. So we had to come up with a model that also makes sense for our customers to pay more than the base subscription.
spk15: Great. Thank you so much.
spk01: Your next question comes from the line of Brad Rebat with Stifel.
spk07: That's great. Thanks very much. Shlomi or Jacob, as you sort of think about the optimization commentary that you guys presented here, any sense of the accelerating usage coming from net new workloads as opposed to customers just finding fewer ways to save money?
spk13: Your question referred to the cloud business?
spk07: Yes, Shlomi, exactly.
spk13: What we charge for in the cloud, and this is very much aligned with the best practices in the market, is for storage of binaries and data transfer of binaries. So optimization goes around this for both new customers and existing customers. Our cloud business is split between annual commitment and monthly commitment. On the monthly commitment, we see more new business. This is, I think, what you refer to in your question. And the annual commitment, we saw that the optimization that we experienced in the last quarter of the previous year started to climb back to the numbers that we saw. And obviously, we hope to see that these commitments are being renewed during the year. If I may add to that, as we see our customers adopting a full platform, so our platform is not just used in developer environments, also used in production environments, So definitely cloud usage is driven by not just standardization of customers or for development, but new workloads that reflect the operational activities as well.
spk07: That's great. Very helpful. And then just high level, I've gotten a few questions on this. Is there any disproportionate vertical exposure in the customer base or is it fairly broad based? Thanks.
spk13: It is fairly broad-based. We have very diversified customer base. None of our customers represents more than 2% of our revenue. The largest verticals for us would be the financials and the tech industry.
spk15: That's great. Thank you very much.
spk01: Your next question comes from the line of Mike Sitos with Needham.
spk04: Hey, guys. You have Mike Sitos on the line here, and thanks for taking the question. If I could just build off the last question for a second, I know that you guys are citing financials in the tech industry as the largest two verticals. And I think it was a little surprising given the level of enterprise exposure that you guys have and let's say that financial services exposure specifically that you guys didn't seem to be impacted by maybe some of this broader financial shock to the system we're seeing with some of the regional banks. Can you help us think through maybe why you why your solution or why the growth with your customers seem to be a little bit more immune versus some of the chatter we've heard from other companies that are reporting this season? And then I have a follow-up as well.
spk13: Yes, Mike. I think that when you look at the market, whether it comes from one sector versus the other, the infrastructure is a matter of will you or will you not build software? I don't know any bank or any other organization that will stop build and release software. And this is our business. So we have a reason to believe that this is a bit more sustainable than applications or other services that are provided in the cloud. The second trend that we see is that both on-prem and cloud are going to coexist and stay in different industries. And the fact that we provide both of them And sometimes both of them at the same time to the same organization give our customer the flexibility to move between the cost that they have on a self-hosted infrastructure piece like J-PROG versus the consumption based in the cloud and manage the migration based on their own pace. If I may add to that, we see our products provide tremendous value in organizations of larger scale. that spread out in different regions, global organizations. And therefore, Mike, we do see ourselves more installed in top-tier financial institutions and to less extent exposed to smaller regional banks.
spk04: Got it. Thank you. That was going to be something I was going to drive at next, Jacob. I appreciate you calling out the lack of exposure with regional banks. And then I guess if I could just have my follow-up here. I know that a lot of people are circling around the commentary you guys offered regarding the accelerating cloud usage through 1Q. I think it would be helpful, at least from my perspective. I know that you said 1Q started with very similar trends to what you guys had seen in 4Q. So two points here. One, during 1Q, when did the trend start to – normalize or return to a more typical, I guess, growth algorithm versus where you guys have been in 4Q and the start of 1Q, and then any commentary you'd be able to provide on how that trend played into April. I imagine that's one of the things you guys are factoring into your guidance here for 2Q, but I think both of those data points would be helpful around the cloud consumption.
spk13: Yes. So we did see our... Cloud usage growing faster in the month of March. And in April, we did see kind of similar trends. Obviously, our guidance assumes certain level of conservatism. We said on the call that we don't think that the optimization is fully behind us. We do expect that our customers will continue to grow more efficiently. And so there's still a lot of uncertainty in the market, and therefore our guidance does assume some level of conservatism.
spk04: I appreciate the commentary. Thank you, guys.
spk01: Your next question comes from the line of Kingsley Crane with Canaccord.
spk05: Hi, thank you. So one for Shlomi and one for Jacob. Seems like a significant portion of the immediate opportunity for advanced security is in on-premise. How incremental is the advanced security update compared to only having it for cloud in the past? And then how much of this is baked into the fiscal 23 guidance?
spk13: So the JPEG advanced security in the self-hosted version is actually answering our hybrid philosophy and strategy. The majority of our customers are still using a self-hosted version, therefore we think So there is a lot of room for growth there. And it's based on an identical model as the cloud, which is a by-fit. So we think that there's a lot of room to go with the self-hosted JFrog Advanced Security. The second reason that we were excited to announce that this quarter was that most of the point solutions that we are aimed to displace with the JFOG platform and with advanced security on top of it, are self-hosted solutions. So we know that the market is fragmented, and we are coming with a solution both for the cloud and self-hosted with a financial model that is aligned also with the target of this space. Yes, and McKinsey, we said that we expect material contribution from advanced security products in fiscal 2024. So we're ramping up. We're very happy with the customer engagement. We see a lot of opportunities, and we expect material contribution from advanced security in 2024.
spk05: Okay. Thank you for the color. And so one more. So you're solidly profitable today. I just want to think about capital deployment moving forward. What's the appetite for M&A in terms of valuation and ability to integrate an asset? And then also stock at these levels, would a stock buyback be something you would ever consider?
spk13: Yeah, so first of all, our board constantly looking at ways to optimize capital structure and consider different options. In terms of M&A, we see a lot of opportunities in the market, whether it's in fragmented markets. So we believe in the future there will be opportunities which we will act on if they come.
spk15: Okay. Very helpful. Thank you.
spk01: Your next question comes online. Koji Okada with Bank of America.
spk10: Hey, guys. Thanks for taking the questions. I wanted to go back to some of the commentary that you had from a prior question and also in the prepared remarks about optimizations where you don't believe that optimizations are fully behind. You know, you said you feel the first wave is behind, but optimizations are not fully behind. And it seems like you're alluding to there might be a second wave here, or maybe I'm reading into too much. But, you know, what are you hearing or seeing out there that makes you believe, you know, there may be another wave or another optimization wave could be coming? Is there a certain geography or vertical that you're thinking about? Or, you know, help us understand that kind of commentary that you had.
spk13: We don't expect second wave. What we see is that continued effort by our customers to use cloud in more efficient manner. As you know, Kozhi, we charge by data transfer and storage. Storage is more immediate optimization, provides more immediate optimization results, and data transfer more longer-term optimization process. So we see that our customers are very cost-oriented. The budget is still tight and they want to be in budget because otherwise they would require additional approvals. So what we see is that customers continue to use the products because it's infrastructure play. They continue to grow with us, but they will continue to grow with us in a more efficient manner going forward. Koshy, I would add to it. different segments that we see. There are companies, big enterprise, that are in the process of migrating to the cloud and might slow down because they still have their on-prem solution for infrastructure. They use JFrog. They are in the process of migrating and might slow down with how much workload they move to the cloud. And there are the others that already migrated or signed with us already with a cloud solution to start with. And these guys will probably have to prioritize infrastructure versus other activities that they have in the cloud. In both scenarios, we are being very careful with what we project. And we don't want to say that the optimization is behind us, but the big wave of optimization that we saw in the last quarter of the previous year was more significant than what we saw this quarter. This is why we have reason to believe that the market is slowly coming back.
spk10: Got it. No, thank you. And then on the 2027 target, the revenue target, assuming a 22% to 24% CAGR there, just wondering what sort of embedded assumptions you have in that specifically from an NRR perspective. Thanks, guys. Thanks for taking the question.
spk13: Yeah, we expect our net dollar retention to be in high teens up to 120% over the course of this period.
spk10: Got it. Thank you. Thank you very much.
spk01: Your next question comes from the line of Ataya Khadram with Open Harbor.
spk09: Hey, guys. Thanks, and nice quarter. Since Koji asked about the fiscal 27 guide, I'll start with that as well. The margin targets you have for that year are slightly lower than what you had in your previous long-term model. Can you elaborate a little bit on that, the reasoning behind it?
spk13: Oh, we do expect high contribution from from SAS. We do expect as a result of that, it's probably more impact on free cash flow because SAS is tend to be more shorter term contracts today. At least we don't have many multi-year contracts in in in the SAS business and SAS becoming bigger portion. That's what will probably impact slightly the free cash flow. In terms of profitability, I think we provide the same targets.
spk09: Okay. And then on the upside in the cloud in the quarter, can you double-click on that a little bit? Is there any color you can provide on how broad that was? Were there one or two, three customers that really jumped up their usage? Any vertical or region where this was more pronounced? I'm just trying to kind of find a common denominator there.
spk13: Yes, so first to the question, whether it was one customer or across the board, we saw it everywhere, not by geography, not by sector or not by one customer. It was a trend. I think that most of the companies were instructed at the end of the previous year to cut costs on hosting and they moved very fast. And as Jacob mentioned before, the low hanging fruit storage and the cleanup of the repositories. And now they had to start the year and start to rebuild the rental factor to enable the service. So we started to see it coming back. So no specific sector, geography, or customer. And coming back is normal for us. And it took time. It didn't start on January. It started at the end of the quarter. And this is where we saw it starting to climb back.
spk09: Okay. And then lastly for me on the advanced security, nice to see that come on premise, I guess, on the hosted. I guess, Shlomi, I'm trying to get into the long-term potential of this, the attach rate of this to your base. Do you think there'll be differences that the attach rate of advanced security of SaaS customers is going to be any different than non-SaaS customers? And can you talk about what is the dollar uplift usually for a SaaS customer adding this versus a non-SaaS customer adding this? Thank you.
spk13: Yeah, so when we are looking at the portfolio, we have three different options. One is fully self-hosted, second is hybrid, and third is fully cloud. We started with the cloud. Obviously, that was a faster time to market because the customer doesn't have to install anything and there is no hassle. You just click and start. And that was a great launch for J4 Github security at the end of 2022. And then this quarter, we released the self-hosted, which requires a deeper conversation of how do you embed that with what version of the platform. So that came second when we already had some practices. We think that... In today's J-Fog customer's portfolio, the majority are still self-hosted and the big enterprise are using multiple tools. The majority of them will use more than 10 different tools to cover the DevSecOps. So J-Fog Advanced Security is very appealing in terms of consolidation, in terms of performance features, and keep the software supply chain secure, focusing on the value that the platform brings. And we hope that while they will migrate to the cloud, because as you see, we push the cloud business as well in parallel, while they migrate to the cloud, it will be an easy, smooth move because they will already have it installed and practiced in their organization.
spk15: Thank you.
spk01: Your next question comes from the line of Miller Jump with Truist Securities.
spk03: All right. Thanks for taking the question and congrats on the solid execution in the quarter. So I guess first one, kind of want to start on hiring. A lot of your competitors have pumped the brakes on hiring or, you know, even made cuts to headcount in the beginning of the year. So can you guys just talk about how you think about hiring in the current environment and how that goes with sales productivity, especially given the leverage that you just called out in your long-term model there?
spk13: Yes, I'll take that question, Miller. So first of all, as you know as well, we've been growing in a very efficient manner. So our plan and execution and a path to profitability have started many years ago. And this is what's been better than the company's DNA. So in the first place, we did not hire so many employees. So we didn't have to go through a reduction in force. Second, we did slow hiring, and we report that actually in the second half of last year. And we're focusing on improving of efficiency and profitability. We do reallocate some resources to the project with high ROI. We close projects that don't provide some ROI. We focus on execution. We focus on performance. And therefore, we continue to do a kind of improvement on an ongoing basis. And therefore, we didn't have to go through this big headcount reductions.
spk03: Yeah, that makes sense. And then I guess another question, just a trend that you called out last quarter was kind of the pay-as-you-go customers shifting to annual contracts. Is that something you continue to see in Q1? And I guess, is there any impact that we should think about there as far as your guidance?
spk13: Yeah, the transition of pay-as-you-go customers to annual is a natural progression of these customers. Typically, new customers start as pay-as-you-go because they're not yet familiar with the product. They don't know yet how they're going to utilize them. And therefore, they want to be cautious that not willing to commit to long term once they use the products that they become familiar then they only then they know that they want to commit and get to the maybe some discounts depending on the size of the commitment so it's a natural progression of of our customer journey and it's actually beneficial for jfro because the longer commitment the better the road map we could work on with the customer and the better value they could deliver, see from the products. So we continue to see some customers transition in from pay-as-you-go to annual commitments this quarter, but it's just Q4 was more pronounced given this additional budget strict requirements that was imposed on some of our users. And to be very clear about that, that's, as Jacob mentioned, also part of our strategy. We would prefer to have customers committed to an annual contract and to build the roadmap with them, build the platform with them as it's aligned with the strategy. This will only happen if they will be committed to a long run. So yes, we will see it, but it's also very much aligned with the way we direct our strategic sales team to push it.
spk01: Your next question comes from the line of Jonathan Rohaber with Kantor.
spk12: Yeah. Hey, guys. Nice, nice quarter. So I'm wondering if you could talk about how you feel around the opportunity with pipelines. You know, I know that the focus has been on Artifactory. And by design, you have built, I think, numerous integrations with other CICD tools. Any updated thoughts on how you see your positioning there? Anything you might be doing around innovation and or packaging or pricing that might change that opportunity with Pipeline?
spk13: Yes, thank you for this question. Pipeline is a J-PROG CICD solution to better automate the process within the platform. Now, remember, the business that we are in is moving binaries from one stage to another. JFOG pipeline is probably the best way to automate these processes, not just in terms of from build to test to release, but also in terms of automating security as part of the DevSecOps solution we provide. JFOG pipeline completely integrates with whatever CICD tool you have in the market. So whether you use GitHub Action or Jenkins or other tools, JFOG pipeline will integrate with that. And this is actually another motivated feature or product that lead our customers to adopt the full platform. In our leap event that was mentioned in the script, we shared with our top customers the new capabilities of software releases from one stage, one environment to another. This is all behind the scenes powered by J-Folk Pipeline. So it's an integrated piece of our platform, which makes our platform more automated and ready for the next gen.
spk12: So talk about that go-to-market motion with pipelines then, because I would imagine that customers already using Jenkins or some other CICD tool that they would have to be sold quite heavily on the need for a pipeline.
spk13: Yeah, so there are two ways to look at it. The first thing is that pipeline is part of our platform subscription, and it would be a reason for you to upgrade from a lower subscription to a higher subscription in our model. Second, pipeline is also consumption-based, both on a self-hosted and in the cloud. So if you use more more than the base, then you pay more. The motivation on the customer side would be around better, faster releases that would be more secure, and we keep adding more and more features to it. Some of it is integrating with your CICD, which were chosen by the developers a step before, and some of it while you are implementing the platform.
spk12: Okay. That's helpful. Thank you very much.
spk01: Your next question comes from the line of Rob Owens with Piper Sandler.
spk00: Yeah, good afternoon and thanks for taking my question. With all the focus around generative AI and its applicability across DevSecOps, wondering from your purview, number one, thought process around where it could benefit your product set and interesting follow-up, I guess, to the prior question. And then number two, just from where you sit, potential impact on the industry. Does this lend to more opportunity for JFrog down the road? Thanks.
spk13: Yes, obviously, a great question. Thank you. Listen, AI, by definition, is here to replace human and human innovation in the process of building, releasing and securing software in our domain. JFrog is a binary company. We are dealing with binaries. So obviously, the more you create, the more you build, you create more binaries. And this is for us, would be a great opportunity. So we were forever a machine language company. So AI is blessed because it will generate more business for J-POP. What we have to make sure is that this business is not being disrupted by automation of how you maintain binaries as well. But this is from the get-go what we've built with Artifactory. So obviously, we are very excited about the opportunity. You know, 10 years ago, CICD generated machine work versus developers and created more work for binaries, for binaries people. So AI is a big opportunity for a company like JFOC. The second side of it is the security piece that we are managing. Security can be powered by AI, not only around scanning and around finding vulnerabilities in CVEs, but also in remediation. So when you have to replace a binary that is stored in the factory and put it in production, this can be done by AI. And we are excited about these opportunities. We are looking at the different ways of implementing responsible AI because, as you probably know, some of the regulations are also being created as we speak now so it's not just about what feature or what trend we want to cling on is how responsible should we be when we build the automation that remove the human intervention from the process and implement a smart and responsible ai and uh we are looking at it on the highest strategic level of jpro regarding the market What would be the result of AI? The result of AI would be how many developers can be replaced by implementing AI. And this means source code. It doesn't mean binaries. Because whether you build software with people or with machines, you build binaries. You deploy binaries. You take binaries all the way to production. And what we have to make sure is that we better integrate with this ecosystem and follow the next generation of DevOps and DevSecOps that is also powered by AI and not just by developers.
spk00: Thank you for the color.
spk01: Your final question comes from Michael Turris with KeyBank Capital.
spk06: Hey, guys. This is Billy on for Michael. Congratulations on the results in the quarter. It seems to make sense that since you're not a seat-based model, It seems reasonable you'd be less impacted or not directly impacted by developer headcount reductions. But have you seen any slowing in development projects and the pace of software development as a result of developer headcount reductions across the industry?
spk13: So our customers are telling us that they have to prioritize things. That's, I think, the real world behind this kind of balancing that we see in the market. They have to prioritize. Maybe a year ago, they would just throw money on all kinds of experiments. This year, they will take it in a bit more disciplined way. The second thing is that if you were in a process of migrating to the cloud, it will require a period of a parallel infrastructure environment moving your legacies to the cloud doesn't happen in a day it will happen over a period maybe sometimes a multi-year project and some of them push this decision further although they know that strategically they will go there they push it further so in both ways whether you prioritize or you are not enabling a hybrid environment this will have an impact on our projections
spk01: There are no further questions at this time. I'll turn the call back over to Shirlami for closing remarks.
spk13: I'd like to thank you all for your attendance today. We had a wonderful quarter, and we are looking forward to share with you more results in the coming quarter. May the frog be with you. Thank you.
spk01: This concludes today's conference call. Thank you for attending. You may now disconnect.
Disclaimer

This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.

-

-