JFrog Ltd Q2 FY2023 Earnings Call

Good afternoon, and thank you for joining us as we review JFrog's Second Quarter 2023 Financial Results, which were announced following market close today via press release. Leading the call today will be JFrog's CEO and Co-Founder, Shlomi Haim; and Jacob Shulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal security laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance, including our outlook for Q3 and the full year of 2023. The words anticipate, believe, continue, estimate, expect, intend, will, and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter ended March 31, 2023, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog's performance to be considered in addition to, not as a substitute for or in isolation from GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog's CEO, Shlomi Haim. Shlomi?

Thank you, Jeff. Good afternoon, everyone. And thank you for joining us. I'm happy to report that JFrog's second quarter revenue exceeded our prior guidance driven by increased cloud consumption, expansion of our security solutions and continued adoption of the JFrog Software Supply Chain Platform. Our 2023 Second quarter revenue was $84.2 million reflecting 24% year-over-year growth. Cloud usage continues to accelerate as we expected, delivering revenues of $27.6 million, increasing 44% year-over-year. We also exceeded our profitability guidance with a non-GAAP profit of $12.1 million while still investing in our core team. Customers with ARR over $100,000 grew to 813 compared to 647 in the year-ago period, increasing 26% year-over-year. Customers with ARR over $1 million increased to 24 versus 17 in the second quarter of 2022, up 41% compared to the year-ago period. These results reflect that the JFrog platform continues to be prioritized as critical infrastructure and that our three pillars of DevOps, security and IoT hold strategic value for our customers. Let me expand on what made Q2 another strong quarter for JFrog. Let's begin with the ongoing adoption of JFrog security solutions. Most organizations recognize the need for multiple DevSecOps capabilities, such as software composition analysis, contextual analysis, infrastructure code security, leaks, secret detection, and container security among other key features that are included in JFrog Advanced Security alongside other JFrog offerings. As we noted in our previous call, we have ambitious goals to provide end-to-end security across the software supply chain with a comprehensive set of capabilities bundled together as a consolidated solution. We believe this approach will outpace and displace point solutions in the market. I'm pleased to report that in the short period since the availability of JFrog Advanced Security in the market, we have already gained tens of customers that have added this capability to their subscriptions, indicating that enthusiasm for Advanced Security is gaining momentum in the DevSecOps market, not only because of the advanced scanners and automation of software packages, but also the native integration with Artifactory that serves our customers as the single source of record. On that note, I'm excited to mention our recent security product release. As we know, in our industry over time, less and less software is being written as original code. Instead, binaries are being brought in from the outside world, often open source. Many industry estimates indicate that up to 90% of software is comprised of open source packages, containers, and more, all binaries. Developers often cache public repositories to obtain these libraries from the internet to speed development and add critical features. While developers may be faster, these practices can unknowingly add security and compliance risks in the form of vulnerabilities entering the organization. This creates friction between developers who want to move fast and security teams who don't want to compromise, requiring a clear understanding of the software's composition and dependency management. In partnership with our community, we built JFrog XRAY and Advanced Security, tools integrated natively within Artifactory to protect the software supply chain and everything happening within the organization. JFrog has now shifted even further left to build a fence around companies to automatically and seamlessly stop malicious packages and unvalidated open source licenses from ever entering the organization. I'm proud to announce the general availability of JFrog Curation, which was released a few weeks ago in mid-July. This solution automates the curation of open source software entering an organization before the development process begins. JFrog Curation automatically checks for malicious components and policy-violating software and prevents them from ever entering the organization and compromising the security of the software supply chain. Policies can be defined centrally by security teams and applied at a global scale across organizations. Many of our customers are already exploring JFrog Curation, and we look forward to partnering with them. JFrog Curation is offered as a basic add-on to the enterprise X or enterprise class subscriptions. Our goal is to enable JFrog users to gain the highest level of visibility and control over the software development lifecycle by delivering a consolidated solution that focuses on all of an organization's binaries. We will continue to bring innovative security solutions to the market and couple them with Artifactory, which already serves millions as the database of DevOps. JFrog Curation joins the security suite of products offered by JFrog, all of which are available in hybrid and multi-cloud versions. Next, I want to address customer expansion and tooling consolidation on the JFrog platform. The complete software supply chain flow is the flow of binaries, which uniquely positions JFrog as mission-critical for every enterprise. As customers continue to streamline their operations with our platform, we see them consolidating tooling around the binary-centric pipelines for both DevOps and security. For example, one of the top five Fortune 100 healthcare pharmaceutical and retail companies made a decision in Q4 of 2022 to migrate away from Google's container management cloud services and some of that next was the binary repository to the JFrog platform, consolidating the complete package management, development pipeline solution, and container registries under one platform. Only a few months later, in Q2 of this year, they successfully completed the proof-of-concept with our team as they began to explore consolidation of the multiple security point solutions. As a result of this proof-of-concept, the customer decided to move away from Snyk to JFrog to cover their software composition analysis needs and are now exploring JFrog’s other security capabilities as part of a strategic consolidation and standardization around our platform. We believe tooling consolidation will continue to be both a macro trend and a DevSecOps tooling imperative. This type of consolidation, in our eyes for our customers, reflects the findings of a recent study conducted by Forrester commissioned by JFrog. The Forrester 30 AI report found that enterprises investing in the JFrog platform could expect a nearly 400% return on investment over three years, and that some organizations could expect to save up to 156 hours per developer per year when utilizing the JFrog DevOps and security platform. In their study, an enterprise with thousands of developers could potentially save tens of millions of dollars in costs over 36 months. These results reflect JFrog’s core business value of improving efficiency and productivity across an organization through automation and control of the binary flow. At the same time, Forrester noted in another recent industry report that, quote, JFrog is great for enterprises that place high value on software supply chain security. Customers are looking across the portfolio to discover ways to reduce technological and integration costs, and the JFrog platform allows them to fulfill this vision. I now want to focus on the ongoing adoption of the JFrog platform across our three goals for high-value enterprise subscriptions. When JFrog first entered the market, DevOps was not even a phrase. When we introduced XRAY as our first security solution a few years ago, DevSecOps was in its infancy. Today, we see developers and development organizations tasked with security, multiple programming languages, cloud-native technologies, multi-cloud deployments, open source management, software distribution and more. With the number of connected devices that must stay updated growing into the tens of billions, software truly has no boundaries. We continue to see customers trusting JFrog with this boundless software delivery. For example, a leading biopharmaceutical company turns to JFrog to help them revolutionize medical supply processes with an innovative approach. Using a combination of software and connected devices, they aim to simplify how hospitals and medical staff consume and trace organic and inorganic medical inventories, looking to guarantee the security and integrity of the extensive network of sensor-driven devices in the field. They first considered JFrog Connect for over-the-air software updates and as a fleet management solution. However, upon realizing the benefits of JFrog Artifactory as a universal binary repository and JFrog XRAY and Advanced Security for mitigating software supply chain attacks, they decided to adopt the JFrog platform as their system of record. Partnering with JFrog helped them to consolidate around a single DevOps and DevSecOps platform. We look forward to working with companies such as this moving forward to change the way every industry thinks of delivering and managing software from developers to the secure distributed edge. Now, I would like to address JFrog's view of the potential impact of generating artificial intelligence technologies within our software supply chain platform, security solutions, and for individual developers. As we’ve previously noted, from a business perspective, we believe that AI-powered automation of software will drastically increase the overall code created within organizations, leading to an increase in the number of binaries being generated by developers or machines. As JFrog continues to be the gold standard in enterprise artifact management, we look forward to helping companies scale with our software supply chain platform alongside their AI-driven advances. More code equals more builds; more builds equal more binaries, which creates a huge opportunity for JFrog. We also see JFrog as an AI enabler for our customers. We have already observed JFrog Artifactory serving as the repository for customers' machine learning and AI models. Machine learning models are yet another form of binary, consumed in the organization as software packages. Therefore, managing customers' AI processes and their major data at scale, locally, natively alongside other technologies generate incremental benefit from the use of the JFrog platform. The builders of AI models within companies are often Python developers and data scientists utilizing Conda or Crun packages, which are already natively supported by Artifactory. This reinforces JFrog as the single source of truth for companies' development processes, as well as potentially the AI and ML ops initiative. Finally, regarding AI within JFrog, we are exploring several approaches that will enhance future versions of JFrog DevOps and security solutions, and we look forward to providing updates on our progress in the near future.

Thank you, Shlomi, and good afternoon, everyone. During the second quarter, total revenues were at $84.2 million, up 24% year-over-year. Our stronger-than-expected revenues in the quarter were driven by continued strength of our cloud business and adoption of higher subscription tiers across the JFrog software supply chain platform. In the second quarter, our cloud business saw sequential expansion in customer usage, equaling revenues of $27.6 million, up 44% year-over-year. While we continue to see a slower pace of cloud migrations compared to the prior year, we're pleased with improving user strength during the first half of 2023. Going forward, we believe cloud optimization will remain an ongoing exercise within large enterprises as customers continue to focus on efficient growth. We reiterate our baseline cloud growth rate of mid-forties during fiscal year 2023. Self-Managed revenues or on-prem were $51.8 million, up 17% year-over-year during the quarter. Overall expansion and revenue growth within our self-hosted business remains constrained relative to prior years as customers transition towards cloud and hybrid deployments, which has reduced organizational focus on future expansion within self-hosted deployment. We have received positive feedback from customers regarding JFrog Advanced Security and initial interest in JFrog Curation, with many of these engagements being self-hosted deployments. We remain optimistic that our security solutions can be a potential catalyst to re-accelerate revenue growth and customer expansion within our self-hosted business. Net dollar retention for the four trailing quarters was 120%, a decline of four points sequentially due to ongoing macro headwinds and low retention within our self-hosted business. We have started seeing the stabilization of NDR around these levels and continue to expect our net dollar retention for the year to be around 120%. Our gross retention continues to be 97% with no change in overall customer churn terms. In Q2, 45% of our total revenue came from enterprise plus subscriptions, up from 36% in Q2 of 2022, an increase in revenue contribution of 56% year-over-year. Now let me discuss our income statement in more detail. Gross profit in the quarter was $70.4 million, representing a gross margin of 83.6%, essentially flat with the year-ago period, and in line with expectations as economies of scale and cost control have set high cloud revenue contribution. Operating expenses for the second quarter were $62.2 million, down $1 million sequentially, equaling 73.9% of revenues, compared with $58.8 million or 86.8% of revenues in the year-ago period. During the second quarter, we've benefited from the timing of certain expenses being pushed into the third quarter. We continue to remain focused on expense discipline while continuing to strategically invest in go-to-market initiatives and technology innovation. Our operating profit in Q2 was $8.2 million or a 9.7% operating margin compared to an operating loss of $2 million or negative 3% operating margin in the prior year due to better-than-expected cost efficiencies. Second-quarter net income equals $12.1 million or $0.11 per diluted share based on $108 million diluted shares outstanding versus a year-ago net loss of $2.2 million, equating to a loss of $0.02 per diluted share. Turning to the balance sheet and cash flow. We ended the June quarter with $470 million in cash and short-term investments, up from $443 million as of December 31, 2022. Cash flow from operations was $16.7 million in the quarter. After considering CapEx, cash flow was $16.2 million, generating a $19.3 million free cash flow margin. We reiterate our expectations for low double-digit free cash flow margins in fiscal 2023. As of June 30, 2023, our remaining performance obligations totaled $213.6 million. Now, I'd like to speak about our guidance for the third quarter and full year 2023. Our full year 2023 expectations continue to estimate strong growth in our cloud business and ongoing expense discipline. For Q3, we expect revenue to be between $87 million to $88 million with non-GAAP operating profit between $6 million to $7 million and non-GAAP earnings per diluted share of $0.08 to $0.09, assuming a share count of approximately 110 million shares. I would note that third-quarter operating expenses will include costs related to our employee merit increases and our swampUP User Conference, which will cause a sequential step up. For the full year of 2023, we anticipate total revenue in the range of $343.5 million to $345.5 million. Non-GAAP operating income is expected to be between $24 million and $25 million and non-GAAP earnings per diluted share of $0.26 to $0.28, assuming a share count of approximately 110 million shares.

Thank you, Jacob. We continue to believe that JFrog is well-positioned to achieve our planned goals in the coming quarters, and our customers' ongoing commitments and partnerships alongside us validate the mission-critical nature of our platform. Before we close, I want to thank the entire JFrog team for a strong quarter. Your resilience and passion are stronger than any macro headwinds, and the results speak for themselves. Q2 success belongs to you. I also want to invite everyone to attend our annual swampUP DevOps and DevSecOps User Conference in San Jose on September 13. I'm looking forward to updating the community on our major product and strategy announcements alongside amazing industry and JFrog customers stories from companies like Fidelity, Breyers Games, Netflix, and others. Thank you all for joining us for our Q2 earnings call. And may the Frog be with you. Now, we'd be happy to take your questions.

We'll take our first question today from Pinjalim Bora at JP Morgan.

Hey guys, this is Noah on for Pinjalim. Thanks for taking your questions. Just want to double-click a bit on the recent curation feature you've just rolled out. Can you just maybe elaborate on how this has helped you ship more or less than the DevSecOps lifecycle? And are you now targeting potentially different buyers as you saw mentioned products?

Hi, Pinjalim. Yes. We are very excited about the release of JFrog Curation. Actually, that was part of the plan of extending our DevSecOps solution and shift even further left, as I've mentioned, the buyers of JFrog Curation are actually a combination of the CIO office and the CISO office. The developers would like to have an automated way to enforce policies that are coming from the CISOs to avoid having each of the caching from public hubs of software binaries to get into the organization and automate this whole process. So basically, it's a partnership between the CISO and the CIO. And still, this demand came from the DevOps and the DevSecOps engineers, so I'm not yet really a few securities stakeholder but a combination of both.

The next question comes from Sanjit Singh, Morgan Stanley.

Hey, this is Chris Quintero asking on behalf of Sanjit. Congratulations on the results, and thank you for addressing our questions. I wanted to inquire about the difference between the slow addition of 100,000 customers and the addition of over 1 million customers, which you mentioned yourself. Clarifying both of these would be really helpful.

Yes, I will take this question. So our goal is to expand all customers, and we see diversification of the customer base between different segments. Specifically, to the expansion of million-dollar customers, what we're happy to see is that these customers actually come in from industries that are outside of our traditional strong segments, technology and banking. Those coming from other industries show that the DevOps and DevSecOps capabilities that we offer are important across multiple industries. We also see that our enterprise plus platform and subscription continue to provide a lot of value. You're absolutely right that in absolute numbers in Q3, we added less than in the prior quarter. However, we see a lot of engagements over the last 12 trailing months that are comparable to prior periods. So we really don't see any change in the trends here. It's probably just more likely timing issues.

Got it, that makes sense. I also want to ask about the optimizations you are seeing from customers on the JFrog Cloud side. Can you provide any additional insights on that and update us on the timing and progress of those optimizations?

Yes, as you know, from our prepared remarks, we continue to see expansion of our usage baroque by our customers. Previously, we know that we started the year like January was very slow and still subject to optimizations. Then in March, we did see the pickup in usage, which trend continued in April and throughout the quarter. So we believe that those initial headwinds of optimization are behind us. Going forward, we expect that customers will continue to put emphasis on efficient growth. But in terms of usage, we do see our customers using more of the platform, and therefore we expect that our cloud revenues will continue to grow in the mid-forties for the year.

Next up is Kingsley Crane, Canaccord Genuity.

Hi, thanks for taking my question. So I'd like to ask about duration. I think one of the most interesting aspects of it is that it's focused around developer velocity. Obviously, your platform appeals to all kinds of stakeholders. But I think in terms of an individual product, this is one of the more exciting ones for developers. So how do you think that will play out in terms of encouraging adoption? And then are you thinking this will drive upselling to premium bundles or gain revenue through pricing a la carte?

Thank you, Kingsley. Curation, in terms of the adoption, will increase the usage of JFrog Security Solutions, the holistic software supply chain security. It comes as an option as an add-on to the enterprise X and the enterprise plus subscriptions. And it's, as mentioned, a per-seat by-year model. So we expect to see expansion coming from the adoption of JFrog Curation as well, not only by the number of enterprise brands and enterprise X users, but also by the number of developers in the organization in the enterprise that use it.

Okay, thanks for that, that's very helpful. And then one on the financials. So I want to talk about NRR. I think that 120% is a great number, but if NRR is a trailing 12-month metric, I think declining four percentage points in one quarter is significant. So I think that would suggest that the encoder performance was well below. So I guess, does that imply a reacceleration or a higher NRR in or in the back half in order to reach 120% for the full year? Thank you.

Yes, you are absolutely right when you said that our net dollar retention rates declined 4% from the prior quarter. This was actually in line with our expectations. If we go when we guided the year, we did expect net dollar retention to go down to around these levels. Currently, we see stabilization around this level and expect to finish the year with NRR around these levels.

Brad Reback from Stifel is our next question.

Great, thanks very much, Jacob. On the cloud consumption trends, did July look a lot like June, or did it actually continue to accelerate?

Brad, I don't have the data for July yet, so I cannot comment. During the month, we continue to see strong performance, but I don't have final numbers for July.

Got it, no problem. And then Shlomi, I think last quarter, you talked about the global partner network and the momentum you were seeing there? I'm not sure if I missed it earlier in the prepared remarks, but any commentary on the rest of the world would be great. Thanks.

Yes, that's a good point. Our partners and alliances program continue to accelerate. Actually, I mentioned swampUP, our user conference happening on September 13. For the first time, we are also having a Partner Day a day before to celebrate over 100 partners that we built the program with in the past year. Aside from that, the co-sell and co-marketing motion of working with all three clouds, AWS, GCP, and Azure is also accelerating through the marketplace. So we are very pleased to see it not only by cloud goals, but also for self-hosted partners and by region and geography, not just with DevOps but also with new security partners that join the portfolio.

Michael Cikos from Needham & Company has the next question.

Hey guys, thanks for getting me on here. I just wanted to circle back to Jacob’s earlier comment around the NRR. I think it was that we expect to finish the year around this current level. And really where I'm going with this is I just like to see what gives you the confidence to see JFrog finishing the year at these levels? Is it based on maybe the tone of conversations with customers, the renewal base that you had coming to, just anything there would really be incremental?

Yes, so when we think about our net dollar retention forecasts, first of all, we're looking at our renewals with our customers and obviously talking to them and evaluating their plans. We're also seeing continued consumption trends on SaaS and commitments of our annual customers on SaaS. Finally, we're looking at the overall economic environment and demand environment. We see stabilization in that regard, and that gives us confidence in our net dollar retention staying around these levels.

Great. I also appreciate the comments about the customers adopting Advanced Security. Many of us are excited about that offering. Can you explain how your sales team or your go-to-market strategy is raising awareness within your existing customer base to encourage adoption? Additionally, what have been some of the early insights from those customers who have adopted it? Have you gathered feedback and developed customer testimonials to promote further success with Advanced Security?

Yes, Mike, so just as you and we are also very excited about the results. To remind everyone, we announced JFrog Advanced Security for hybrid availability in the first quarter of this year, and to see so many of our customers showing interest in some of them. Tens of them have already paid for additional subscriptions. Obviously, these are great news for us. The main thing our go-to-market team focuses on is mapping the renewals that we have ahead of us and seeing who are the XRAY customers that already use JFrog T1 security XRAY software composition analysis, and also the capabilities the JFrog Advanced Security offers. Therefore, the second effort goes towards market education. So attracting new customers, some of them we've mentioned in the call today, are coming to JFrog mainly because of the consolidation. They want to see one software supply chain that not only provides one capability or two capabilities to secure their DevOps and DevSecOps teams but also the repository, the distribution process, and everything around that. These are the main two catalysts for the adoption. The fact that it's also available in the cloud and on-prem gives us the freedom to operate in different deployment environments. The last thing is that since we are very transparent with our roadmap, we are speaking about XRAY and JFrog Advanced Security as being available in the last quarter but now we've added Curation. So really what we see from our customers is a demand for a holistic one-stop shop for their software supply chain security, that also includes future roadmap items that also help us build a pipeline.

Your next question is Jason Ader, William Blair.

Yes, thank you. Jacob, question for you. I'm just trying to figure out what's going on in Q4 with your guidance because you guided to $0.26 to $0.28 for the full year. But you're at, if my numbers are correct, you're at basically 25 for the first three quarters based on your guidance for Q3. So that implies Q4 would have like $0.03 of earnings, and that would be the lowest of the year. Can you talk us through what's going on there?

So our actual results for the year for the first six months are about $0.17. Last about $0.08 to $0.09. So it's about $0.24. If you look at the operating profitability, we expect the operating profitability in Q4 to be comparable, slightly higher than in Q3. I expect that EPS for Q4 is probably going to be at levels comparable to Q3. So I hope that makes sense.

But that math doesn't work. I mean, because if you say $0.27 is the midpoint for the full year, and you just said $0.25 for the first three quarters, right? And that would imply $0.02 for Q4. So maybe there's something going on below the line in Q4. But I get the operating income trends that look like they're continuing to be pretty healthy. But Q4 EPS looks like it would be quite a bit below where the rest of the year has been. I mean, we can avail offline if you want, but I just wanted to flag that.

Thank you for your note. And I don't expect any outstanding items below the line in Q4.

Yes, so regarding security, what we see is that it's a bit different. First, when it comes to DevOps, the bottom-up mechanism is very popular, usually being adopted by developers or DevOps engineers, scaled up by the size of the PO, maybe to the CTO, or the CIO, and so on. Maybe strategic decisions are being taken top-down, like, let's say, migration to the cloud. But most of what we've seen and what most of what we build was from the ground up. In security, it's a bit different. The decision is first taken by the security leaders, and then applied in the different groups of the company. What we also see, and this is quite interesting, we start to see a partnership between the CIO and the CISO when it comes to software supply chain security. On one hand, the CIO, the VP R&D, they want to be super fast, the security guys are trying to catch up with it. So any automation that applies to the software supply chain is obviously helping those to bridge the needs. So we usually meet more than one persona over one PO when it comes to security. Most of it would be top down, and most of these opportunities will take more than the average quarter or four-month cycle to complete.

Great. Does the CISO typically have its own budget separate from the CIO and the development teams? Is this causing friction since you need to access two different budget pools?

So the strategy that we chose is a strategy of consolidating all the security solutions into not all of them but the majority of the security solution from the gate scanning to the binary scanning to the distribution to consolidate with the capabilities like secret detection and software composition analysis. We discussed in the call the displacement of Snyk and the displacement of Sonatype. Those were displaced by consolidation to a platform. Usually, when this is happening, there is a budget already marked by the CISO. And it's being compared to security that they already have. If there is a new capability like JFrog Curation, obviously, it will be discussed to start with the CIO. Then they would probably bring the security stakeholders.

Hey, guys, thanks for taking the questions. A couple from me. Just kind of going back to Curation. You mentioned earlier the seat-based model. So how do you think about the TAM for Curation? Is it all the developers out there, security folks, ops folks? I mean, is it all of them? How do you think about the TAM? And then, part of the question on Curation is because it’s seat-based, where's it going to show up in the revenue recognition? Is it going to be in self-subscription self-managed to start and eventually break it out? Just trying to understand where it will fit so we could begin to understand where it's contributing to growth.

Yes, I'll address the first part of your question, and then Jacob can provide more details on where it will be recognized. The total addressable market for JFrog Curation closely aligns with the total addressable market of the DevSecOps sector. We aim to engage all developers operating outside the organization. The alignment between our value proposition and pricing strategy stems from the number of developers utilizing software packages from external sources. For instance, if a developer accesses a public repository for a curated software supply chain, the impact scales with the number of users of that service. By integrating Artifactory with JFrog Advanced Security, which enhances security and the internal software supply chain, we ensure alignment in our models. Research indicates that 90% of the software created globally originates from open-source projects, underscoring its relevance to all organizations based on their developer count. Thus, we are targeting the same total addressable market with an expanded market share. Additionally, the competitive landscape for this solution differs significantly from the fragmented DevSecOps market. There are few curation solutions available that can effectively shield organizations from public repositories and prevent unwanted logs from entering JFrog from the outset. Therefore, it’s not just about the total addressable market; it’s also about the market share we can capture by incorporating this solution into our platform.

With regards to the split between deployment types, it would be reported as an add-on to existing subscriptions. Therefore, it will be dependent on the main subscription that the customer is subscribed to. If it's self-managed, it will be reported as self-managed; if it's SaaS, it will be reported as SaaS.

Got it now that's super helpful. And then, one follow-up here if I may, wanted to ask about the million-dollar customers and the 100k plus customers. You added $3 million in ARR customers, which is the most I think you've ever added in a quarter sequentially. So congratulations there, the 100k maybe a little bit light versus recent quarters. So just trying to understand the dynamic between the 1 million plus and 100k.

Yes, Koji, when we are looking at it, obviously, we are very pleased not only because of the size of the PO, but also the subscriptions that these guys are upgrading to and the amount of capabilities from the JFrog platform that they are actually using while we monitor it. In the last six quarters, we added at least $1 million customers to this group, which also demonstrates an adoption or growing adoption of our platform. Regarding the over $100,000 customers, the 813, I'm looking at it, if I may, in a bit different perspective to add over 150 customers to this group in the last year during the recession, with all the new technologies coming and the changes we see in the market. I am actually pleased with the goal and I'm expecting it to go even higher than that when looking at the pipeline and hoping to see changes in the market.

Your next question is Michael Turits, KeyBanc Capital Market.

Hey, Shlomi, Jacob. Great job on the quarter. You mentioned that optimization is mostly behind you, but Microsoft and others have indicated that several more quarters of optimization are still needed. Can you explain how your optimization process might differ from that of the hyperscalers? Additionally, could you provide an update on new projects and whether you're starting any new software development initiatives?

Michael, I will take this question. I think big hyperscalers provide multiple different types of workloads, and it's hard for me to comment on what kind of work was impacted by optimization and what not. What we've seen is that the DevOps is critical infrastructure, and we see that in terms of data transparent storage, we continue to see growth sequentially in our systems. So it's really maybe the difference between what we see and what hyperscalers see is that the fact that they provide a variety of different workloads. Maybe that's what impacts their outlook.

So just another qualitatively then why does it make sense that your optimizations would have troughed that you want start to rebound earlier than theirs from it. And again, obviously, I'm not asking you to comment on their business. But that's a broad business where you're seeing, it seems like an earlier rebound.

As we previously discussed, we monetize our SaaS deployments by data transfer and storage and storage, more low-hanging fruit, which we did see those optimization efforts accelerate about in Q3 and Q4 of last year. Those were kind of shorter time to optimization, data transfer optimization typically requires more time, so we believe that customers will continue to monitor their usage and strive to grow efficiently. The initial impacts of optimization were really behind us.

Michael, I'll add to it. There is just so much that you can dry out your infrastructure because of walls. With everything that comes in, the security automation in the software supply chain is getting enriched, and we also need to deal with AI as we mentioned. Some of our customers already started to use our infrastructure for AI. These can be optimized up to a limit. As Jacob mentioned, it can't necessarily be compared to the big cloud companies, and we hear our customers telling us that some of them are also in a pending mode, waiting for budgets to be released so they can migrate to the cloud and grow faster.

Next up is Jonathan Ruykhaver, Cantor Fitzgerald.

Yes. Hey, guys, thank you for getting me in. So GitHub recently claimed that approximately 46% of its customers' code is already written by Copilot, and they actually said expect that to go to 80% sooner rather than later. They've also made some comments along the lines that Copilot has accelerated customer growth and is making GitHub more competitive around managing git repositories. Now, to your comments earlier, Shlomi, it seems fairly obvious that LLM will drive increasing market demand for Artifactory management broadly. But how do you see the competitive impact play out due to LLM? What is your strategy there?

Yes, Jonathan, that's a great question. As you know, there are a lot of discussions around AI and the regulations around AI and the potential of it. But let's kind of take it to the level that everybody understands: more code, whether it's made by Copilot or by developers, creates more binaries, and more binaries create more opportunities for JFrog because we are the standard makers in the binary storage of the organizations today. Not only that, the most exciting thing about managing AI models in LLM models is the fact that they are yet another form of binary. So whether you handle it or you build it inside the organization or you bring it from outside your organization, Artifactory can be the only tool that supports you unless you just want to dump it on a regular file server. The last thing that I would say is that these coders you mentioned that are using Copilot to build AI models are essentially Python developers or data scientists that are utilizing packages like Conda and CRun, all of which are already natively supported in Artifactory. For them, it is just a familiar place to fetch their model. And not just AI models but also models coming with AI to train the machine. So we see big opportunities around that. As we mentioned in our call, we look forward to share with the industry what we build natively to support this demand. As it goes back to the previous question, infrastructure optimization will get to a limit from that point on; it will get back to what we used to see in the previous years.

Next up is Robbie Owens, Piper Sandler.

Great, thanks for taking my question. And I want to drill down a little bit into the cloud optimization being behind you. And I don't know if you've ever broken out for us the difference in gross retention rates between self-hosted and subscriptions. And or is there something in those trends that may show you that a lot of the optimizations behind you at this point, either from a gross or net retention perspective? Because I guess that might play into some of those questions around net retention for the back half of the year. Thanks.

Yes, the only information we provided on the difference between SaaS and self-hosted is that SaaS net dollar retention is higher than corporate and self-hosted is lower than corporate. Again, we believe that the storage optimization is kind of low-hanging fruit, and those who wanted to do that most likely have done that because we started seeing first optimization efforts about four quarters ago. That was sufficient time for customers to look at their storage environments and make necessary steps for the data transfer optimization. It's, we believe, going to be an ongoing effort. That's what we said, the first wave of optimization is behind us and going forward will just be seeing more efficient growth of our customers.

There are no further questions at this time. I'll turn the call back to Shlomi for closing remarks.

Thank you all for joining us on this quarter earnings call, and thank you for your questions. We're looking forward to continue executing and delivering more news from the swamp. Join us at swampUP, September 13 in San Jose, and by then may the Frog be with you. Thank you.

This concludes today's call. Thank you for attending. You may now disconnect.