Ladies and gentlemen, thank you for joining us and welcome to JFrog's Third Quarter 2023 Earnings Conference Call. I'll hand the conference over today to Shanti Ariker, Chief Legal Officer. Shanti, please go ahead.

Good afternoon, and thank you for joining us as we review JFrog's third quarter 2023 financial results, which were announced following market close today via a press release. Leading the call today will be JFrog's CEO and co-founder, Shlomi Ben-Hayim, and Jacob Schulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements relating to our future financial performance, including our outlook for Q4 and the full year of 2023. The words anticipate, believe, continue, estimate, expend, intend, will, and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from these expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year-ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter-ended September 30, 2023, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog's performance, should be considered in addition to, not as a substitute for, or in isolation from, GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those financial -- of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog CEO, Shlomi Ben-Haim. Shlomi?

Thank you, Shanti, for the introduction, and thanks for stepping in today as we send warm wishes for a fast return to health for Jeff Schreiner, our VP of Investor Relations. Greetings from Israel, good afternoon, everyone, and thank you for joining us. On Saturday, October 7, the Nation of Israel awoke to a brutal terrorist attack targeting its civilian population. This tragic event resulted in the loss of innocent lives, including children, women, and the elderly. This heartbreaking incident escalated rapidly into an expanded war against the terrorist organization, Hamas. A few hours into the situation, JFrog, as a global Company with a presence in 10 different countries, activated its business continuity plan comprising three pillars. First, our internal plan to ensure the safety of our employees in Israel and maintaining communication channels. Second, is a technology pillar to ensure continuity of our services, security, cyber defense, and R&D. Finally, we activated the plan for external facing activities to ensure continuity of our customers' engagement, support, and external communication. I'm pleased to report that our operations are running smoothly and our employees are safe and accounted for. Notably, the conflict in Israel has not prompted us to change our physical year 2023 business goals that were previously shared with you. We are closely monitoring the situation but remain confident that the Company will meet these targets. We extend our heartfelt condolences to the families who have tragically lost their loved ones. Our thoughts and prayers are with them during this incredibly difficult time. We pray for the safe and fast return of the hostages who have been kidnapped by Hamas and we hope for the complete recovery of the thousands of individuals who have been injured. With that, I will move to the business. I'm pleased to report that…

Thank you, Shlomi, and good afternoon, everyone. During the third quarter, total revenues were $88.6 million, up 23% year-over-year. Our stronger than expected revenues in the quarter were driven by continued strength in our cloud business and expansion of large customers on the JFrog software supply chain platform. In the third quarter of 2023, our cloud business saw sequential expansion in customer usage, equalling revenues of $30.6 million, up 46% year-over-year. We're happy to see the acceleration in our cloud business growth, driven by continued increase in cloud usage and better collaboration with public clouds to enable large customers on their marketplaces. We reiterate our baseline cloud growth rate of mid-40s during fiscal year 2023. Self-managed revenues on-prem were $58 million, up 14% year-over-year during the quarter. We continue to see that our customers' roadmaps and plans are focused on SaaS migration, and therefore, they do not expand their on-prem footprint at the same pace as in prior years. We continue to believe that our security solutions can be a potential catalyst to re-accelerate revenue growth and customer expansion within our self-hosted business. Net dollar retention for the four trailing quarters was 119%, a decline of one point sequentially. As predicted, NDR is stabilizing, and we continue to expect our net dollar retention rate for the year to be at these levels. Our gross retention continues to be 97%, with no change in overall customer return trends. In Q3, 46% of total revenue came from Enterprise Plus subscription, up from 39% in Q3 of 2022. Revenue from Enterprise Plus subscription grew 46% year-over-year. Now let me discuss our income statement in more detail. Gross profit in the quarter was $74.1 million, representing a gross margin of 83.7%, up by 10 basis points from the second quarter as economies of scale…

Thank you, Jacob. We believe that Q3 strong results showcased the alignment with our long-term strategic growth plans as we continue to meet technology and business goals. To JFrog tireless global teams, thank you for your focus, solidarity, passion and execution. Q3 is a testament to our resilience. I'm excited to welcome Ed Grabshid as our new CFO beginning January 1, 2024. Ed brings vast experience prior to his time at JFrog and in the past four years as part of our finance leadership. Ed, we are confident that your leadership will continue to drive JFrog's success. From here, I would like to send our CFO, Jacob Shulman, the best of wishes on his next journey. While you will be with us through the end of this year, I'll take the opportunity now to thank you, Jacob, for the years of friendship and partnership. You will always be a Frog. I would also like to congratulate Orit Goren, who was recently appointed as our Chief Sustainability Officer, highlighting JFrog's commitment to maintaining and driving responsible business. After many years as our Chief Operation Officer, I want to thank you, Orit, for taking on this very important role. In closing, our thoughts and prayers continue to be with the families affected by the brutality of the terror on Israel. Israel, like JFrog, is strong and will prevail. -- we hope for peaceful and secure days ahead. With that, thank you all for joining us for our Q3 earnings call and may the Frog be with you. Now we will be happy to take your questions. Operator?

Thank you so much. [Operator Instructions] Okay, it looks like our first caller is from Pingelambora from JP Morgan. Go ahead, please.

Hey, guys, this is Noah on for Pingelamb. Glad to hear everyone is staying safe. And congrats, Jacob. It's been great working with you and looking forward to working with you as well. Can you maybe just walk us through what you're seeing in terms of the cloud optimizations at this point and any other incremental color you could provide on what to owe the acceleration of cloud revenue growth? Thanks.

Yes, no. So the trend that we see in Q3 continued positive momentum on cloud usage. As you could see, our revenues accelerated, driven primarily by usage of our large customers and growth of our large customers and marketplaces. So that's very positive. We continue to see that migrations will accelerated a bit from prior quarter still below prior year levels and the overall adoption of our enterprise platform solution on marketplaces continue to drive our cloud revenues, and that's the reason for acceleration in the cloud in the quarter...

Okay, thank you so much. Next, we have a question from Koji Ikeda, BofA Securities. Koji, go ahead.

Yeah, hi. Thank you. Thanks for taking the questions. Just wanted to follow-up on the cloud growth, the strong growth there. And Jacob, you just mentioned the migrations. But earlier in your prepared remarks, you were also talking about advanced security and its availability within the -- the self-managed portion that could help reaccelerate that segment of the revenue mix. And so just trying to think of the puts and takes here, thinking out into the future of how we should be thinking about overall migration as a SaaS revenue driver, but also the advanced security, which either could help stabilize or maybe even accelerate the self-managed piece? And when could that -- we could start seeing that in that piece of the revenue mix. Thanks, guys.

Hi Koji, and thank you for the question. This is Shlomi. I'll take this one. In thank you for the question. This is Sami. I'll take this one. I think that what we see in the cloud and the growth, the 4% to 6% year-over-year growth is also a result of our strategic enterprise sales team together with our partner team. We discussed that earlier this year, the investments that we have done there. This team is focusing on not only migrating customers from self-hosted to the cloud to bring new logos to the cloud. This team is also focusing on looking holistically at the DevOps and Devsecops requirements of our customers. Therefore, advanced security, curation and the new capabilities that we announced recently at Swamp and before are also included. We spoke about one of the biggest telecommunication in North America that just migrated to the cloud together with JFrog -- this Company also adopted Jorgen Security with a meaningful part of the subscription. The other Company, which was discussed the nuclear security Company also adopted the food platform together with security. So we see some kind of a movement not only to have a DevOps end-to-end software supply chain solutions, but also to have a comprehensive building security within the platform rather than using point solution...

Okay. Thank you so much. [Operator Instructions] All right. Our next question is from Sanjit Singh with Morgan Stanley. Sanjit, please go ahead.

Hi, Oscar Saavedra. Nice to hear about you. Hello, can you hear me? Okay, sorry. Yes, it's nice to hear about your investment in Southern Marketing to drive adoption in the large enterprise. But if we look at the last couple of quarters, that as a percentage of revenue has sort of lower-how should we think about that? Is your plan to increase your headcount in that department? Or you think at this point, you have the needed sales force to drive that adoption? Thank you.

Yes. Sure. So over the past years, we've made significant investments in our go-to-market capabilities. A few years back, we started building our enterprise sales and strategic sales team. Then last year, we started building our partnership and channel team. So we continue to make investments, and we build a security overlay and some additional capabilities on holistic top-down approach to go-to-market approach. So those investments start to bear in fruit, and that's why we see that S&M investment as a percent of revenue become more scalable and we see more leverage. We'll definitely continue to invest in those capabilities and we'll continue to grow our sales and marketing expenses in absolute dollars -- but in the long term, as predicted in our long-term model, we expect to see more leverage and therefore, as a percent of revenue, these expenses will continue to go down in the long term...

Okay. Thank you very much. Next, we have a question from Miller Jump with Truist & Company. Go ahead, Miller.

Hey, thank you for taking the question and congrats on the strong results. I guess I was just curious, could you talk about maybe the advanced -- or excuse me, the opportunity you see for advanced security and curation this year going into the fourth quarter, given the concentration of renewals there? And just any color you could give on what you're baking into guidance for that? Thanks.

Yes. Thank you for this question. As we guided the market, we announced Joban Security earlier this year. It's a set of six capabilities that are added to the platform. Just last quarter, we announced curation, which is an additional product that protect the organization from the get-go. We think that what we see here is an adoption of a consolidated security solution, which will become material in the next year, and this is how we guided the market. Currently, we are very pleased with the adoption tens of customers that already adopted this as part of the platform usage. The security additions will become material in the next year.

Okay. Next, we have a question from Kingsley Crane with Canaccord Genuity Corporation. Kingsley, go ahead.

Hi, thanks for taking the question. At SwampUp, you mentioned that the products you were releasing were thematically consistent with the growth drivers of cloud and security. So they kind of fit nicely in with the long-term model of 30% plus growth. So as we move forward, how much of that -- how much of your existing product portfolio can contribute to that growth figure? Or in other words, how much more products do we need to be released in order to hit that target? Thank you,

King, what we announced in SwampUp was part of our road map. We announced several tools that support the full software supply chain platform play that we implement in the market. Georgian security comes first, then Curation and Catalog, which was announced keynoted in SwampUp. We are also planning to have some security capabilities on the run time. So shifting right. We added static analysis security on the left to secure code. And by that, we provide an end-to-end security solution. On top of that, we also announced the AI and ML capabilities as part of the platform, natively supporting security scanning for ML models and storage of ML models in Artifactory. If you look at the global picture altogether, JF platform today provides a full end-to-end solution for DevOps and deep from code to production. And in the next few quarters, we already have items in our road map to complete even further right to what we discussed.

And if I may add to that. So when we release our long-term model, we already had this new products either at the market launch in the market or just about to be launched in the market. So we definitely took those products into account when we release and shared our long-term targets with you.

Okay. Thank you both, [Operator Instructions] and our next caller is Ittai Kidron with Oppenheimer. Please go ahead.

Thank you and Shlomi our thoughts with you and the whole team in Israel, of course. Shlomi, I wanted to make sure I understand the security. can customers buy your security solutions without artifacts or that's still not a possibility? So when will that happen? And then maybe for you, Jacob, on the expansion rate with all the new product coming along and clearly, with the better execution on the up-sell and the traction of $1 million customers. How should we think about net dollar expansion rate here going forward for the next couple of quarters?

Hi, Ittai; what we see as reported is that our net dollar retention stabilized around 120, 119 as predicted and as guided. In the self-host solutions, since our security solution is based on a per model on top of the platform -- we look to see some acceleration there. Though our strategy is very focused on the cloud and the cloud migration. And there as well, security will be a strong driver to support the net or retention guidance that we provided. Security, in both cases, both deployment environment, cloud and self-hosted is based on by developer and not only by consumption. So we think it will support the net dollar retention, and it will be aligned with our guidance. Of Net this -- and it's obviously too full for us to provide guidance for 2024.

Okay. But so just to make sure I understand, can I buy your security, advanced security and curation with outbuying artifacts?

No. Currently, security, our solution security is part of the platform coming with the Artifactory in X-ray. In the future, we may consider to have it as a stand-alone solution. Currently, it's a full solution coming with the platform.

Thank you. And our next caller is Brad Reback from Stifel. Brad, go ahead.

Great. Thanks very much. Shlomi, Just as we think about sort of the emergence of AI and ML large language models, how does that play to help accelerate usage of the cloud Artifactory. Thanks.

It's great, Brad. AI and ML, these are technologies that are being adopted rapidly by all organization and also the enterprise are looking into it. As you are familiar with our portfolio -- the majority of our customers are enterprise customers with thousands of developers. And to be frank with you, most of them are trying to first kind of put down the playbooks and the regulation of how you use AI, how you secure AI, how you automate it and how you become more efficient with it before you let machine code and build binaries and distributed for you. So we planted the seeds, GPG is the first and only Company in the world that practically provide AI solutions for our customers. We planted the seed not only for developers but also for security. Artifactory natively proxy having faced the public repository and x-ray automatically scale all ML models before they are getting into the set the software supply chain. With the rapid growth and rapid adoption of AI and ML ops we believe that this will be just another part is for the case users and will accelerate the adoption of our platform will put us in a very good position in terms of competition that might come up in the future. And we'll serve our customers and community better with the unvotality that we provide. Currently, it's too early to say how will this impact the long-term model.

Thank you. And our next caller is Jonathan Ruykhaver from Cantor Fitzgerald. Jonathan, go ahead.

Yes, thank you. So, for me, an interesting point that has come up in discussions we've had with JFrog customers is around the automation that Artifactory brings to third-party CICD solutions, and specifically the significant reduction in build time and cost savings. Can you just comment on that dynamic, how important it might be when you look at Newlands. And also, what is the implication to pipeline? Is pipeline less of an opportunity just given how well you work with other CICD tools?

Yes. Thanks for this question, John. JFrog Artifactory, and JFrog platform overall is based on an open red API, working with all the major CICD tools in the market. We are actively supporting GitHub Action, Jenkins, GitHub CI-CD, Circle CI, and obviously others. It's also mandatory for everyone who use CI to use the binary repository because the moment CI on top of your source code repository, you create a binary. And then the deployment into Artifactory and putting out from Artifactory by CICD and automating the full software supply chain is being made in and out from Artifactory. Regarding JFrog pipeline, JFrog Pipeline is accelerating the automation of the JFrog platform integrates with all the CI/CD tools and help you promote binaries from every quality gate all the way to production. JFrog pipelines also provide a friendly UI for users to manage their dependencies and to manage the source of all binary. We don't see JFrog Pipeline as a catalyst for the adoption of our platform or major catalysts for ARR. Actually, what we see is that using JFrog pipeline makes our users more faster and secured as they secure their pipeline by using it.

Okay. So it's having a strong impact in terms of the value proposition, but it's not necessarily impacting ARR or the adoption of the Enterprise Plus package, correct?

Correct.

Okay. Thank you. Looks like our next call is from Michael Cikos from Needham & Company

Great. And I apologize if I missed this in the prepared remarks for the Q&A. I know I'm struggling in a couple different earnings calls, like I imagine my peers are as well. But I think the first question, if I could, for Shlomi. We were kind of struck last quarter when the Company was saying that the optimization headwinds were largely behind the Company. And I apologize if I missed this, but could you provide us an update? Does that still stand here where we are today? Is it fair to think that those optimization headwinds for JFrog are now firmly in the rearview mirror? And then I just had one follow-up.

Yes, Mike, we did talk about the usage trends, and we continue to see continued growth of usage. So we do believe that this wave of optimization is behind us. We continue to see the adoption of our platform by larger customers on marketplaces. However, having said that, we also see a slower pace of migrations comparing to prior year. So definitely, macro headwinds in terms of impact on pace of migration is still there, but cloud usage continues to grow, and that trend that we've been experiencing for a couple of quarters now.

Got it. Got it. Okay. And I think maybe one other item. I think earlier this year as well, I know the Company was trying to adjust its free tier. And I think that you guys had decided to limit the number of users that fell under that free tier and maybe by creating that limited capacity, there was a thought that, that could benefit the model and some capacity from a monetization standpoint. Can you remind us what the initial findings on conversion or benefit to revenue, if any, have come through the model at this point?

Yes, Mike, when we decided to kind of building the top of the funnel without free tier earlier in 2022. The main reason was all the additions that we provided with security and IoT capabilities. If you cannot just add on a 3-tier basic DevOp solution, it didn't serve not the strategic product strategy and not the go-to-market strategy, which became top-down strategic enterprise sales. The conversion that we've seen from the free tier where customers, usually small groups of developers that converted to Artifactory and the power subscription, and we decided that it doesn't serve the top of the funnel, I'm happy to report that you can see that what we have built now with our enterprise sales and the strategic sales per foot, one of the results being demonstrated this quarter with the amount of customers that are going over $100,000 over $1 million. This is not coming from pretty as you probably understand.

Okay. Thank you so much. Our next caller is Nick Altman with Deutsche Bank.

This is John Gomez on for Nick. Can you talk about how September and October trended from a macro perspective relative to expectations? And whether you have seen any meaningful change in overall like buying propensity from customers.

No, we did not see any changes in the trends in October continued to be comparable with Q3.

Next caller is from Ethan Weeks with Piper Sandler. This is Ethan on from Rob. It seems like there's still a large amount of organizations out there using either free or open source binary repository management solutions. And as we think about the amount of innovation and product leases you've had on the security side, do you think this could provide a catalyst maybe for a lot of these organizations to start considering a commercial solution?Or if not, maybe what that catalyst may be in the future as we think about new customer growth and converting some of these onto your platform? Thank you.

Yes. I'll take this one. We built Gotraction from the bottom up on the developer app and obviously, starting with open sales build the concerns around Artifactory as a single source of record for the organization. What we know now years after is that it takes more than just one open source solution. When you want to build a comprehensive software supply chain solution, especially on an enterprise infrastructure level, you have to adopt some security tools you have to adapt universality, high availability, multi-cytopology. And very often, we want to move everything to the cloud, which obviously has nothing to do with open source or not. It's about having it as a service. So for sure, yes, it's the top of funnel. A lot of potential customers are looking at the open source before they are trying our tools in the three trial. But the open source is still there, serving us among developers. -- the enterprise with J. Polkchein, it's a very temporary solution and usually being good place very fast.

Okay. And our final question comes from Michael Turits with KeyBanc Capital Markets.

This is Billy on for Michael. Just wanted to ask, with curation crossing between kind of both developers and security, have you seen that acting at all as a gateway to broader conversations with the CISO? Should we think about curation as the next logical customer expansion from the core product before adopting advanced security? Thank you.

This is a wonderful question. curation is very, very unique because curation lends on the common ground of the CIO and the CIS. What I mean by that is that companies realize that they can become far more efficient with adopting open source stages by scanning it before it's even getting into the organization. And therefore, curation is very appealing and growing very fast. The pipeline, we are very pleased with what we see that people immediately understand it. It doesn't matter if you're coming from the security side or the DevOp side, you immediately understand the value of preventing malicious packages to get into your organization to your software supply chain. So we absolutely think that this will accelerate the adoption of our security solution. This is also why on the go-to-market, it's separated from getogretan security, still based on the same business model. In the future, we will add more capabilities that would provide a full comprehensive better solution. But already now, -- we see that nobody is just building from scratch and everybody brings open source packages. And therefore, you want to secure them and to curate them to bless them before they are getting into your software supply chain. Once they are in, then Goersecurity take and actually take position and secure our pipeline. So my answer is absolutely yes, and I'm looking forward to see how this is changing the landscape of how open our software packages are being used.

Thank you. And there are no further questions at this time. So I will turn the call back to Shlomi for closing remarks.

Well, thank you, everyone. Thank you for taking the time to join us today. We pay for more feasible, quiet days here in Israel and made the fog be with you.

Thank you very much. And this concludes today's call. Thank you for attending, and you may now disconnect.