FROG - NASDAQ

Ladies and gentlemen, thank you for joining us, and welcome to JFrog's First Quarter 2023 Earnings Conference Call. I'll hand the conference over to Jay -- to Jeff Schreiner, VP of Investor Relations. Jeff, please go ahead.

Good afternoon, and thank you for joining us as we review JFrog's first quarter 2023 financial results, which were announced following market close today via press release. Leading the call today will be JFrog's CEO and Co-Founder, Shlomi Haim; and Jacob Shulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal security laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance, including our outlook for Q2 and the full year of 2023. The words anticipate, believe, continue, estimate, expect, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter ended March 31, 2023, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog's performance to be considered in addition to, not as a substitute for or in isolation from GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog's CEO, Shlomi Haim. Shlomi?

Thank you, Jeff. Good afternoon to you all, and thank you for joining the call. I'm pleased to report that JFrog's first quarter 2023 revenue exceeded our prior guidance range, driven by increased cloud usage by our customers and continued adoption of the mission-critical JFrog Platform even in challenging economic environment. Our 2023 first quarter revenue was $79.8 million, reflecting 25% year-over-year growth. Our cloud usage accelerated in the quarter, delivering revenue of $25 million, increasing 49% year-over-year. Customers with ARR over $100,000 grew to 785 customers compared to 599 customers in the year ago period, increasing 31% year-over-year. Customers with ARR over $1 million increased to 21 customers versus 16 customers in the first quarter of 2022, up 31% compared to the year ago period. Our first quarter results demonstrate strong execution in tough macroeconomic environment, highlighting the resiliency of our DevOps, cloud and security initiatives powered by the JFrog Platform. I want to address what specifically made Q1 a strong quarter for JFrog. First, while we continue to operate in a challenging environment, our customers have pushed forward expanding their infrastructure with JFrog as a mission-critical piece of the software supply chain management process. While some companies may be delaying or rescoping projects, we are seeing they ultimately need to move forward with high-value initiatives based on solutions like JFrog. As a result, in Q1, we did see some deals that had been pushed out from Q4 of 2022 reached the closing stage this quarter. As an example, our strategic sales team was proud to migrate our customer, Wix to JFrog Cloud services based on their strategic DevOps workload migration initiatives. Wix is a world leader in the cloud-based web development platform domain, providing powerful services and the vast collection of templates to millions of customers worldwide, simplifying website building for individuals and companies. In order to update their application with speed, security and reliability, Wix realized their on-premise infrastructure would not allow for the agility and scalability they required, leading them to embrace cloud services for their DevOps pipeline. In partnership with the JFrog strategic customer team, Wix defined the software supply chain end-to-end from production at scale, saying "Every month, we are transferring massive amounts of data between our development team, production environment and our customers. JFrog cloud services is a high-scale, resilient mission-critical components of our production system, managing container images and software packages of different technologies in multiple regions with full redundancy and fault tolerance for our customer-facing applications." That is Adam Spektor, the VP of Engineering of Wix. He also noted "Migrating our DevOps workload to JFrog's multi-region, highly available software supply chain platform with Artifactory at its centers allows our team to better support Wix's growth by providing reliable and innovative services." JFrog stands out in the DevOps and DevSecOps market by offering a hybrid and multi-cloud solution, which allows our customers to fully manage and secure their binaries across their software supply chain while migrating to the cloud at their own pace. We anticipate partnering with more companies like Wix to power strategic development initiatives at the world's most demanding enterprises. Second, I'm pleased to say Q1 showed early indicators of growth in our partners' ecosystem and the ongoing efforts to expand our co-sell and channel partner most. For example, a large partner in Japan built in a key win for JFrog, one of the most recognizable insurance brands in Asia via our reseller channel. In another example, a top federal partner was able to secure a net new project, leading to an Enterprise Plus full platform subscription deal in support of a United States federal agency. We continue to believe the global partner motion in addition to our robust strategic sales and direct sales motion will expand in 2023. Third, in Q1, despite customers taking steps to be more efficient in their cloud consumption, we saw acceleration of cloud usage in both pay-as-you-go and annual SaaS customers. As businesses continue to streamline, they rightfully look for ways to be more efficient. With that in mind, JFrog continues to solidify its position within company, enabling efficiency, accelerating speed of development and delivering secure software releases that provide competitive advantage. We're confident JFrog will continue to grow its cloud business in 2023, mainly due to increased usage and ongoing migration from self-managed subscriptions towards hybrid or multi-cloud environment. Now allow me to expand on some broader themes that we anticipate will continue to fuel JFrog in 2023 and beyond. Let me begin with cloud and hybrid. Our customers tell us, and we observe it in the community that cloud migration and strategic hybrid topology adoption remain a top priority for most enterprises. We believe JFrog is uniquely positioned to support enterprises as they migrate at their own pace, handling both on-prem and cloud simultaneously. Many of these initiatives are multi-quarter or multi-year efforts, and we're proud to help new and existing customers drive success in these areas. This was a common theme, our top customers highlighted at our LEAP Event and intimate gathering of some of JFrog's influential customers that included the representative for many of the world's most recognizable enterprises. As part of customers' cloud migration journeys, they were excited to hear that our advanced security solutions would be available in a hybrid model to support both emerging and historic workloads. Our holistic security capabilities differentiate us from other vendors, and we are proud to be strategic partners as our customers migrate and manage DevOps and DevSecOps across their journey. To illustrate this from a business perspective, we recently welcomed a leading payment and financial services provider to the JFrog Software Supply Chain Platform. This company had previously relied on Sonatype Nexus to manage their DevOps processes on-prem, but was looking for a more scalable, multi-region capable and hybrid solutions. We're excited to support them in their journey as they advance their cloud first and customers' app-driven services for more than 30 million customers. Next, I would like to highlight DevOps and security tooling consolidation. As more tasks and responsibilities are shifted left to developers and DevSecOps team, there is increasing difficulty in managing multiple point solutions for each task. This is especially evident in security tooling, where point solution can force developers to use handfuls of tools and try to make sense of data, actions and reporting, leading to long incomplete remediation cycles, which can ultimately leave companies vulnerable. We believe we have a great opportunity to displace and consolidate functionality of multiple tool sets and even entire security companies. Any customers look at the DevSecOps tooling portfolio and see Nexus Firewall, Synopsys Black Duck, Snyk, Checkmarx, , just to name a few, as point solutions for many capabilities. This can include open source software, curation and scanning, code scanning, container security, environment protection and more. We understand this fall is not sustainable for developers or the business. By addressing multiple areas of security in one platform, we believe JFrog's holistic DevSecOps tooling is well positioned to address customers' needs across the software supply chain. As additional value, we combined with the power of the JFrog Platform with Artifactory as a single source of record for DevOps. Our customers can control and secure their entire pipeline from developers to device. Therefore, the JFrog security approach is to provide a comprehensive platform-driven solution as we are confident will bear fruit as the software supply chain security market matures. We see early indicator of this in Q1, for example, with our JFrog Platform customer, InterVenn Biosciences, a life science company glycoproteomics that aims to make the new era personalized, predictive and preventative care a reality. After initially choosing JFrog Artifactory for end-to-end binary life cycle management, companies like InterVenn are positioned to standardize many security capabilities with the JFrog Platform, while point solution in the market increasingly becoming redundant to JFrog security capabilities. In addition to commercial adoption of our security tools, we were excited that the recent RSA Security Conference to be recognized by the Global InfoSec Awards as the most comprehensive DevSecOps solution. We look forward to building on our commercial success and industry recognition as we continue to listen to our customers' needs across our security portfolio. Third, I would like to focus on the ever-increasing need for both speed and trust in the software release cycles. At our LEAP Conference, some of our leading customers were very clear. They have a need for speed but cannot sacrifice security and reliability across their global infrastructure. We were excited to welcome presentations by not just one of the top automotive companies in the world and one of the top IT firms in the world, but also one of the top global gaming development companies with hundreds of millions of players across the last decade. We were proud to see how the rapid release cycle were powered by the JFrog Platform, providing them with a global scale, highly available, fully federated architecture, keeping their developers productive and delivering software with trust. Next, I want to highlight an important executive staff update. JFrog made a strategic hire in March, proudly welcoming our new CIO, Aran Azarzar. Aran has over 2 decades of experience in IT and cybersecurity developing global systems and implementing leading security strategies. Under his leadership, we look forward to accelerating and scaling our corporate infrastructure, allowing us to serve customers even more efficiently, while impacting the bottom line. Welcome, Aran. In closing, I'd like to reflect on JFrog's commitment to profitable long-term growth and cash flow generation while creating value for both our customers and shareholders as we focus on execution across the business. Driven by the strength in adoption of the JFrog Platform and our expectations for future contributions from the platform security core, we believe our operating model can achieve a 5-year revenue CAGR of 22% to 24% through fiscal year 2027, which would imply a potential revenue range of $775 million to $825 million, while delivering free cash flow in the range of $200 million to $240 million, implying estimated margin of 26% to 29%. With that, I'll turn the call over to our CFO, Jacob Shulman, who will provide an in-depth recap of Q1 financial results, update you on our guidance for Q2 and for fiscal year 2023 as well as provide more details on the assumptions within our long-term models. Jacob?

Thank you, Shlomi, and good afternoon, everyone. During the first quarter, total revenues were $79.8 million, up 25% year-over-year. Our stronger-than-expected revenues in the quarter were driven by ongoing customer adoption of the JFrog Platform and higher-than-expected contribution from our cloud business. In the first quarter, our cloud business saw a sequential improvement in usage, delivering revenue of $25 million, up 49% year-over-year. While the improvement in usage helped drive high quarterly revenues, we don't believe the overall industry trends related to optimization is completely in the rearview mirror. We remain cautiously optimistic that the first wave of customer optimization is likely behind us and anticipate our customers will grow with JFrog in a more efficient manner going forward. We view the recent increase in usage by our customers as a positive signal that the need to generate software continues to be a secular trend and see the customer optimization efforts as short-term adjustments driven by macroeconomic challenges, another shift in how infrastructure software is utilized. We still anticipate our baseline growth rate within our cloud business will remain in the mid-40s during fiscal year 2023 with any potential upside generated by increased customer usage. Self-managed revenues on-prem were $54.8 million, up 17% year-over-year during the first quarter. Overall expansion within self-hosted has slowed relative to prior year results, given the shift by large customers towards hybrid deployments, which are favorite expansion into the club. We believe the announced release of JFrog Advanced Security for self-hosted, which occurred during the first quarter can be a catalyst for revenue growth and customer expansion. Net dollar retention for the 4 trailing quarters was 124%, a decline of 4 points due to the macro headwinds. Our gross retention continued to be 97% with no change in overall customer churn trends. In Q1, 44% of total revenue came from Enterprise Plus subscriptions, up from 35% in Q1 of 2022. Now let me discuss our income statement in more detail. Gross profit in the quarter was $66.2 million, representing a gross margin of roughly 83% compared to 84% in the year ago period. Higher mix of our cloud business impacted gross margins on a year-over-year basis. Operating expenses for the first quarter was $63.5 million, up only $1 million sequentially, equaling 80% of revenues compared with $53.2 million or 84% of revenues in the year ago period. Our year-over-year growth in operating expenses reflects ongoing investments in our go-to-market motion, security and strategic sales team. Non-GAAP operating profit in Q1 was $2.7 million or a 3.4% operating margin compared to an operating profit of $543,000 or 0.9% operating margin in the prior year. We delivered another quarter of positive net income equaling $5.9 million or $0.06 per diluted share based on 107 million diluted shares outstanding versus a year ago income of $158,000 or $0.00 per diluted share. Turning to the balance sheet and cash flow. We ended the March quarter with $447 million in cash and short-term investments, up from $443 million as of December 31, 2022. Cash flow from operations was negative $1.1 million in the quarter. After taking into consideration CapEx, free cash flow was negative $1.4 million or negative 2% free cash flow margin. Our operating cash flow and free cash flow margins were negatively impacted during the quarter due to the timing of billings and prepayments for license renewals. This does not change our expectations for low double-digit free cash flow margins in fiscal 2023. As of March 31, 2023, our remaining performance obligations totaled $210.6 million. Before providing our guidance, I would like to discuss in more detail the underlying assumptions in our long-term target model. Our estimated 5-year revenue CAGR of 22% to 24% through fiscal year 2027 assumes the current macroeconomic conditions would persist for several quarters and implies our cloud business will remain the primary driver of growth. We believe on an annual basis, contribution to cloud growth will likely be driven primarily by customer expansion of subscription tiers and use cases, our new advanced security add-on and, to a lesser extent, cloud migrations. Our assumption for our self-hosted business implies growth driven primarily by expansion of use cases and adoption of our end-to-end platform, including the security part. Given higher expected mix of our SaaS revenues, we would anticipate our gross margin to trend lower towards the range of 80%. In line with our prior targets as a percentage of revenues, we anticipate spending on a non-GAAP R&D would be a range of 20% to 22%. Investment in sales and marketing on a non-GAAP basis should move from 38% in fiscal year 2022 to a range of 26% to 28% by 2027. Overall spending on the non-GAAP G&A to trend towards a range of 8% to 10% by 2027, down from the 14.6% reported in fiscal year 2022. Based upon our forecast for revenue, gross margin and non-GAAP operating expense, we would anticipate a range of non-GAAP operating income of 21% to 23% compared to the 0.5% margin reported in fiscal year 2022. Assuming an additional 5% to 6% for a delta between non-GAAP operating income and free cash flow implies a potential fiscal year 2027 free cash flow margin range of 26% to 29%. This will suggest on a dollar basis, free cash flow greater than $200 million by 2027. We believe this long-term target model reaffirms JFrog's commitment to profitable growth, something embedded in the company's DNA for years. We see the adoption of the JFrog Platform and the addition of its recent security core as critical infrastructure software solutions, allowing our customers to manage, secure and distribute binaries across their software supply chain. Finally, I'd like to speak about our guidance for the second quarter and full year 2023. Our full year 2023 expectations continue to estimate strong growth in our cloud business. We reiterate our belief that our trailing 12-month net dollar retention ratio will be in the low-120s for the fiscal year 2023. We forecast continued expansion in our operating and free cash flow margins through fiscal year 2023, given our continued focus on profitable growth. For Q2, we expect revenue to be between $82.5 million to $83.5 million with non-GAAP operating profit between $3 million to $4 million and non-GAAP earnings per diluted share of $0.04 to $0.05, assuming a share count of approximately 108 million shares. For the full year of 2023, we anticipate a revenue range between USD341.5 million and USD345.5 million. Non-GAAP operating income is expected to be between USD19 million and USD20 million and non-GAAP earnings per diluted share of $0.19 to $0.21, assuming a share count of approximately 110 million shares. Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Shlomi?

Thank you, Jacob. We are excited to see that our customer base across multiple verticals, geographies and implementation side continue to see JFrog as mission-critical. As we leap ahead in 2023, I want to thank the JFrog team for delivering on a quarter that exceeded the goals we set. The FROG's passionately work to support our customers and drive success in a complex market across DevOps, security and IoT. Thank you all for your attendance and may the FROG be with you. And now we'll be happy to take your questions. Operator?

[Operator Instructions]. Your first question comes from the line of Sanjit Singh with Morgan Stanley.

Congrats to the team on a solid start to the year. I wanted to start a little bit with the demand trends that you saw throughout the quarter. You guys service tech companies, but also large enterprise companies as well as banks and coming off some of the headlines around Silicon Valley Bank, what were sort of some of the demand trends from a booking perspective in the back half of March and then the early reads on April and May?

Sanjit, thank you for the question. This is Shlomi. So regarding the demand that we've seen in the first quarter, it was actually as described, split 3 things that we have seen. First, our strategic team going direct after some pipeline that was pushed out from 2022 and fulfilled it. Second, by partners that promoted the JFrog Platform and our partner team worked closely with them both for new opportunities and existing customer expansion. And third, obviously, the cloud, which was the main change between the last quarter of the previous year and this first quarter of this year, cloud consumption looks like coming back, especially because of the fact that JFrog provides an infrastructure cloud service. So optimization goes to a limit, as you understand, and we started to see the numbers climbing back.

If I may add to that, Sanjit, with regards to the cloud consumption, it started -- the quarter started very similar to the Q4 trends and then accelerated as we progressed through the quarter.

Understood. Yes, that's very helpful context. And then I guess a question on the long-term model. I guess I was a little surprised to see you introduce those 5-year targets. If I look at the revenue growth today, we're growing sort of the low to mid-20s. And the 5-year view basically said that growth will sustain 22% to 24%. So can you talk about what gives you the confidence to in this highly uncertain environment to have the confidence to go out there with a 5-year view on growth and on free cash flow margins? And if you could give us any sort of context? I think Jacob walked us through some of the assumptions, but are there -- is it going to be a function of additional products? Is it going to be a function of security becoming a larger part of the business? Are you going into other marketing segments to sort of unpack the growth equation for us?

So yes, we based the model basically on 2 vectors that we believe we will see additional sustainable growth in the next 5 years. One of them is the cloud business, our cloud services. As you know, we projected and guided that this will go at the mid-40s, and we see this trend still coming in. And the portion of revenue that comes from the cloud versus the on-prem is still goes as we project. So we think that it will have further contribution in the next 5 years. Second, we invested a lot in security. We released this quarter the self-hosted version of JFrog Advanced Security. In the last quarter of 2022, we released the cloud version of it. We believe that security will play a significant role and will bring material revenue impact in the next 5 years.

Your next question comes from the line of Pinjalim Bora with JPMorgan.

This is Noah on for Pinjalim. First, what has been the impact, if any, from the Advanced Security SKU for self-managed kind of that launch in March? And just also I have a quick follow-up.

Yes. The self-hosted version of Advanced Security was just launched in early March, and it did not have any material impact on the quarterly results. We're happy to see the customer engagement. We have first customers in production, but it's -- for the quarter itself, it wasn't material.

Got it. And then I guess what would be the rationale behind introducing a number of developers of the pricing lever for Advanced Security? And also it seems like the price for the Enterprise X for cloud came down dramatically. What was driving that decision?

Yes. So Advanced Security is a new product for us. And what -- there are several goals we wanted to achieve by introducing this metric. First of all, it should be a seamless metric between SaaS and self-hosted. Second, it should be comparable to the competition into the market. So when -- as we said, we have a lot of expectation that this solution will replace and help to consolidate other solutions -- other point solutions in the market. So to help our customers to compare the business value, also with the technical value, that also the decision was to go by . And lastly, we see a lot of opportunities as these products will continue to expand and our customers will continue to consolidate on this product going forward. I would add to it, the fact that, first of all, as Jacob mentioned, the market is used with the security solution around DevSecOps model. This is one aspect. But we also have to remember that this is coming -- our security solution, JFrog Advanced Security solution comes on top of the current subscription. So we had to come up with a model that also makes sense for our customers to pay more than the base subscription.

Your next question comes from the line of Brad Reback with Stifel.

Shlomi or Jacob, as you sort of think about the optimization commentary that you guys presented here, any sense of the accelerating usage coming from net new workloads as opposed to customers just finding fewer ways to save money?

Your question referred to the cloud business?

Yes, Shlomi, exactly.

Yes. So, what we charge for in the cloud, and this is very much aligned with the best practices in the market is for storage of binaries and data transfer of binary. So optimization goes on this for both new customers and existing customers. Our cloud business is split between annual commitment and monthly commitment. On the monthly commitment, we see more new business. This is, I think, what you referred to in your question. And the annual commitment, we saw that the optimization that we experienced in the last quarter of the previous year start to climb back to the numbers that we saw. And obviously, we hope to see that these commitments are being renewed during the year. I may add to that, as we see our customers adopting a full platform. So our platform is not just used in developer environment, also used in production environment. So definitely, cloud usage is driven by, not just standardization of customers or development on, but new workloads that reflect the operational activities as well.

That's great. Very helpful. And then just high level, I've gotten a few questions on this. Is there any disproportionate vertical exposure in the customer base? Or is it fairly broad-based?

It is fairly broad-based. We have a very diversified customer base. None of our customers represents more than 2% of our revenue. The largest verticals for us would be the financials and the tech industry.

Your next question comes from the line of Mike Cikos with Needham.

Mike Cikos from the line here. If I could just build both the last question for a second. I know that you guys are citing financials in the tech industry as the largest 2 verticals. And I think it was a little surprising to given the level of enterprise exposure that you guys have and, let's say, that financial services exposure, specifically that you guys didn't seem to be impacted by maybe some of this broader financial shocks to the system we're seeing with some of the regional banks. Can you help us think through maybe why your solution or why the growth with your customers seem to be a little bit more immune versus some of the chatter we've heard from other companies that are reporting this season? And then I have a follow-up as well.

Yes, Mike, I think that when you look at the market, whether it comes from one sector versus the other, the infrastructure is a matter of will you or will you not build software. I don't know any bank or any other organizations that will stop build and release software, and this is our business. So we have a reason to believe that this is a bit more sustainable than applications or other services that are provided in the cloud. The second trend that we see is that, both on-prem and cloud are going to coexist and stay in different industries. And the fact that we provide both of them and sometimes both of them at the same time to the same organization, give our customers the flexibility to move between the cost that they have on the self-hosted infrastructure piece like JFrog versus the consumption base in the cloud and manage the migration based on their own picks. If I may add to that, we see our products provide tremendous value in organizations of larger scale that spread out in different regions, global organizations. And therefore, Mike, we do see ourselves more installed on like top-tier financial institutions and, to a less extent, exposed to smaller regional banks.

Got it. That was going to be something that was going to drive it next year because I appreciate you calling out the lack of exposure to those regional banks. And then, I guess, if I could just have my follow-up here. I know that a lot of people are circling around the commentary you guys offered regarding the accelerating cloud usage through 1Q. I think it would be helpful, at least from my perspective, I know that you said 1Q started with very similar trends to what you guys had seen in 4Q. So 2 points here. One, during 1Q, when did the trend start to normalize or return to a more typical, I guess, growth algorithm versus where you guys have been in 4Q and the start of 1Q? And then any commentary you'd be able to provide on how that trend played into April? I imagine that's one of the things you guys are factoring into your guidance here for 2Q, but I think both of those data points would be helpful around the cloud consumption.

Yes. So we did see our cloud usage growing faster in the month of March. And in April, we did see kind of similar trends. Obviously, our guidance assumes a certain level of conservatism. We said on the call that we don't think that the optimization is fully behind us. We do expect that our customers will continue to grow more efficiently. And so, there's still a lot of uncertainty in the market. And therefore, our guidance does assume some level of conservatism.

Your next question comes from the line of Kingsley Crane with Canaccord.

So one for Shlomi and one for Jacob. It seems like a significant portion of the immediate opportunity for Advanced Security is in on-premise. So how incremental is the Advanced Security update compared to only having it for cloud in the past? And then how much of this is baked into the fiscal '23 guidance?

So the JFrog Advanced Security in the self-hosted version is actually answering our hybrid philosophy and strategy. The majority of our customers are still using a self-hosted version. Therefore, we think there is a lot of room for growth there. And it's based on an identical model as the cloud, which is a bi-fit model. So we think that there's a lot of room to grow with the self-hosted JFrog Advanced Security. The second reason that we were excited to announce that this quarter was that most of the point solution that we are aim to displace with the JFrog platform and with Advanced Security on top of it, self-hosted solution. So we know that the market is fragmented, and we are coming with a solution both for the cloud and self-hosted with the financial model that is aligned also with the target of this space.

Yes. And Mr. Kingsley, we said that we expect a material contribution from Advanced Security products in fiscal 2024. So we're ramping up. We're very happy with the customer engagement. We see a lot of opportunities, and we expect material contribution from Advanced Security in 2024.

Okay. And so, one more. So you're solidly profitable today. I just want to think about capital deployment moving forward. So what's the appetite for M&A in terms of valuation and ability to integrate an asset? And then also the stock at these levels, would stock buyback be something you would ever consider?

Yes. So first of all, our Board is constantly looking at ways to optimize capital structure and consider different options. In terms of M&A, we see a lot of opportunities in the market, and fragmented market. So we believe in the future, there will be opportunities which we will act on if they come.

Your next question comes from the line of Koji Ikeda with Bank of America.

I wanted to go back to some of the commentary that you had from a prior question and also in the prepared remarks about optimizations and where you don't believe that optimizations are fully behind. You said that you feel the first wave is behind, but optimizations are not fully behind. And it seems like you're alluding to there might be a second wave here or maybe I'm reading into them too much, but what are you hearing or seeing out there that makes you believe there may be another wave or another optimization wave could be coming? Is there a certain geography or vertical that you're thinking about? Or help us understand that kind of commentary that you had?

We don't expect second wave. What we see is that, continued effort by our customers to use cloud in a more efficient manner. As we know -- as you know, Koji, we charge by data transfer and storage. Storage is more immediate. Optimization provides more immediate optimization results and data transfer more longer-term optimization process. So we see that our customers very cost-oriented. The budget is still tight and they want to be in budget because, otherwise, they would require additional approvals. So what we see is that, customers continue to use the products because it's infrastructure play, they continue to grow with us, but they will continue to grow with us in a more efficient manner going forward.

Koji, I would add to it. The different segments that we see, there are companies, big enterprise that are in the process of migrating to the cloud and might slow down because they still have their on-prem solution for infrastructure. They use JFrog, they are in the process of migrating and might slow down with how much workload they move to the cloud. And there are the others that already migrated or signed with us already with the cloud solution to start with. And these guys will probably have to prioritize infrastructure versus other activities that they have in the cloud. In both scenarios, we are being very careful with what we projected. And we don't want to say that the optimization is behind us, but the big wave of optimization that we saw in the last quarter of the previous year was more significant than what we saw this quarter. This is why we have reason to believe that the market is slowly coming back.

Got it. And then on the 2027 target, the revenue target, assuming a 22% to 24% CAGR there. Just wondering what sort of embedded assumptions you have in that specifically from an NRR perspective?

We expect our net dollar retention to be in high-teens up to 120% over the course of this period.

Your next question comes from the line of Ittai Kidron with Oppenheimer.

Nice quarter. Since Koji asked about the fiscal '27 guide, I'll start with that as well. The margin targets you have for that year are slightly lower than what you had in your previous long-term model. Can you elaborate a little bit on that, the reasoning behind it?

Well, we do expect a high contribution from SaaS. We do expect, as a result of that, it's probably more impact on free cash flow because SaaS is tend to be more shorter-term contracts today, at least. We don't have many multiyear contracts in the SaaS business and SaaS becomes a bigger portion, that's what will probably impact slightly the free cash flow. In terms of profitability, I think we provide the same targets.

Okay. And then on the upside in the cloud in the quarter, can you double-click on that a little bit? Is there any color you can provide on how broad that was? Were there 1 or 2, 3 customers that really jumped up their usage, any vertical or region where this was more pronounced? I'm just trying to kind of find a common denominator there.

Yes, Ittai. So first, to the question whether it was one customer or across-the-board, we saw it everywhere, not by geography, not by sector or not by one customer. It was a trend. I think that most of the companies were instructed at the end of the previous year to cut costs on hosting and they moved very fast. And as Jacob mentioned before, the low-hanging fruit of storage and the cleanup of the repositories and now they had to start the year and start to rebuild their infrastructure to enable the service. So we started to see it coming back. So no specific sector or geography or customers. And climbing back is normal for us, and it took time. We didn't start on January. It started at the end of the quarter, and this is where we saw it starting to climb back.

Okay. And then lastly for me on the Advanced Security. Nice to see that come on premise, I guess, on the hosted. I guess, Shlomi, I'm trying to get into the long-term potential of this -- the attach rate of this to your base. Do you think there will be differences that the attach rate of Advanced Security to -- of SaaS customers is going to be any different than non-SaaS customers? And can you talk about what is the dollar uplift usually for a SaaS customer adding this versus a non-SaaS customer adding this?

Yes. So when we are looking at the portfolio, we have 3 different options. One is fully self-hosted. Second is hybrid and third is fully cloud. We started with the cloud. Obviously, that was a faster time to market because the customer doesn't have to install anything and there is no . You just click and stop. And that was a great launch for JFrog Advanced Security at the end of 2022. And then this quarter, we released the self-hosted which requires a deeper conversation of how do you embed that with what version of the platform. So that came second when we already had some practices. We think that -- in today's JFrog customers' portfolio, the majority are still self-hosted and the big enterprises are using multiple tools. The majority of them will use more than 10 different tools to gather the DevSecOps. So JFrog Advanced Security is very appealing in terms of consolidation, in terms of performance features and keep the software supply chain secure, focusing on the value that the platform brings. And we hope that while they will migrate to the cloud because as you see, we push the cloud business as well in parallel, while they migrate to the cloud, it will be an easy smooth move because they will already have it installed and practicing the organization.

Your next question comes from the line of Miller Jump with Truist Securities.

Congrats on the solid execution in the quarter. So, I guess, first one, I kind of want to start on hiring. A lot of your competitors have pumped the brakes on hiring or even made cuts to headcount in the beginning of the year. So can you guys just talk about how you think about hiring in the current environment and how that goes with sales productivity, especially given the leverage that you just called out in your long-term model there?

Yes. I'll take that question, Miller. So first of all, as you know as well, we've been growing in a very efficient manner. So our plan and execution and a path to profitability have started many years ago. And this is what's embedded in the company's DNA. So in the first place, we did not hire so many employees, so we didn't have to go through a reduction in force. Second, we do -- we did slow hiring, and we reported that actually in the second half of last year. And we're focusing on improving of efficiency and profitability. We do reallocate some resources to the projects with high ROI. We closed projects that don't provide some ROI. We focus on execution. We focus on performance. And therefore, we continue to do kind of improvements on an ongoing basis, and therefore, we didn't have to go through this big headcount reductions.

Got it. That makes sense. And then, I guess, another question, just a trend that you called out last quarter was kind of the pay-as-you-go customers shifting to annual contracts. Is that something you continue to see in Q1? And, I guess, is there any impact that we should think about there as far as your guidance?

Yes. The transition of pay-as-you-go customers to self-host -- to annual is a natural progression of these customers. Typically, new customers start as pay-as-you-go because they're not yet familiar with the products. They don't know yet how they're going to utilize them. And therefore, they want to be cautious, they're not willing to commit to long term. Once they use the product, they become familiar, then they -- only then they know that they want to commit and get to the -- maybe some discounts depending on the size of the commitment. So it's a natural progression of our customer journey, and it's actually beneficial for JFrog, because the longer commitment, the better their old map we're working with the customer and the better value they could deliver -- see from the products. So we continue to see some customers transitioning from pay-as-you-go to annual commitments this quarter. But just Q4 was more pronounced given this additional budget strict requirements that was imposed on some of our users.

And to be very clear about that, that's as Jacob mentioned, also part of our strategy. We would prefer to have customers committed to an annual contract and to build the road map with them, build the platform with them, it's aligned with the strategy. This will only happen if they will be committed to a long run. So yes, we will see it, but it's also very much aligned with the way we direct our strategic sales team to push it.

Your next question comes from the line of Jonathan Ruykhaver with Cantor.

Nice quarter. So I'm wondering if you could talk about how you feel around the opportunity with pipelines. I know that the focus has been on Artifactory and by design, you have built, I think, numerous integrations with other CI/CD tools. But any updated thoughts on how you see your positioning there, anything you might be doing around innovation and/or packaging or pricing that might change that opportunity with pipeline?

Yes. Thank you for this question. Pipeline is a JFrog CI/CD solution, to better automate the process within the platform. Now, remember, what we are -- the business that we are in is moving bandwidth from one stage to another. JFrog Pipelines is probably the best way to automate these processes, not just in terms of -- from build to test to release, but also in terms of automating security as part of the DevSecOps solution we provide. JFrog Pipelines completely integrates with whatever CI/CD tools you have in the market. So whether you use GitHub Actions or Jenkins or other tools, JFrog Pipelines will integrate with that. And this is actually another motivated feature or product that lead our customers to adopt the full platform. In our LEAP event that was mentioned in the script, we shared with our top customers the new capabilities of software releases from one stage one environment to another. This is all behind the scene powered by JFrog Pipelines. So it's an integrated piece of our platform, which makes our platform more automated and ready for the next-gen.

So talk about that go-to-market motion with Pipelines then because I would imagine that customers already using Jenkins or some other CI/CD tools that they would have to be sold quite heavily on the need for a pipeline.

Yes. So there are 2 ways to look at it. The first thing is that, Pipelines is part of our platform subscription and it would be a reason for you to upgrade from a lower subscription to a higher subscription in our model. Second, pipeline is also a consumption-based, both on a self-hosted and in the cloud. So if you use more than the base then you pay more. The motivation on the customers' side would be around better, faster releases that will be more secured, and we keep adding more and more features to it. Some of it is integrating with your CI/CD, which was chosen by the developers a step before and some of it while you are implementing the platform.

Your next question comes from the line of Rob Owens with Piper Sandler.

With all the focus around generative AI and its applicability across DevSecOps, I'm wondering from your purview, number 1, thought process around where it could benefit your product sets and interesting follow-up, I guess, the prior question. And then number 2, just from where you said potential impact on the industry, does this lend to more opportunity for JFrog down the road?

Yes. Obviously, a great question. Listen, AI, by definition, is here to replace human and human intervention in the process of building, releasing and securing software in our domain. JFrog is a binary company. We are dealing with binaries. So, obviously, the more you create -- the more you build, you create more binaries, and this is for us will be a great opportunity. So we were forever a machine language company. So AI is blessed because it will generate more business for JFrog. What we have to make sure is that, this business is not being disrupted by automation of how you maintain binaries as well. But this is from the get-go, what we built with Artifactory. So, obviously, we are very excited about the opportunity. 10 years ago, CI/CD generated machine work versus developers and created more work for binaries or binaries people. So AI is a big opportunity for a company like JFrog. The second side of it is the security piece that we are managing. Security can be powered by AI, not only around scanning and around finding vulnerabilities and CVs, but also . So when you have to replace a binary that is storing Artifactory and put it in production, this can be done by AI, and we are excited about these opportunities. We are looking at the different ways of implementing responsible AI because, as you probably know, some of the regulations are also being created as we speak now. So it's not just about what feature or what trends we want to cling on is how responsible should we be when we build the automation that remove the human intervention from the process and implement a smart and responsible AI. And we are looking at it on the high strategic level of JFrog. Regarding the market, what would be the result of AI? The result of AI would be, how many developers can be replaced by implementing AI. And this means , it doesn't mean binaries because whether you build software with people or with machines, you build binaries, you deploy binary, you take binaries all the way to production. And what we have to make sure is that, we better integrate with this ecosystem and follow the next generation of DevOps and DevSecOps that is also powered by AI and not just by developers.

Your final question comes from Michael Turits with KeyBanc Capital.

This is Billy on for Michael. Congratulations on the results in the quarter. It seems to make sense that since you're not a seat-based model, it seems reasonable you'd be less impacted or not directly impacted by developer headcount reductions. Have you seen any slowing in development projects and the pace of software development as a result of developer headcount reductions across the industry?

So our customers are telling us that they have to prioritize things. That's, I think, the real work behind this kind of balancing that we see in the market. They have to prioritize maybe a year ago that they would just throw money on all kinds of experiments. This year, they will take it in a bit more disciplined way. The second thing is that, if you were in a process of migrating to the cloud that will require a period of a parallel infrastructure environment. Moving your legacies to the cloud doesn't happen in a day. It will happen over a period, maybe sometimes a multiyear project. And some of them push this decision further, although they know that strategically they will go there, they push it further. So in both ways, whether you prioritize or you are not enabling a hybrid environment, this will have an impact on our projection.

There are no further questions at this time. I'll turn the call back over to Shlomi for closing remarks.

I'd like to thank you all for your attendance today. We had a wonderful quarter, and we are looking forward to share with you more results in the coming quarters. May the FROG be with you. Thank you.