Earnings Call
JFrog Ltd (FROG)
Earnings Call Transcript - FROG Q3 2022
Operator, Operator
Ladies and gentlemen, thank you for joining us, and welcome to JFrog's Third Quarter 2022 Earnings Conference Call. I'll hand the conference over today to Jeff Schreiner, VP of Investor Relations. Jeff, please go ahead.
Jeff Schreiner, VP of Investor Relations
Good afternoon, and thank you for joining us as we review JFrog's third quarter financial results, which were announced following market close today via a press release. Leading the call today will be JFrog's CEO and Co-Founder, Shlomi Ben Haim; and Jacob Shulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and including statements related to our future financial performance, including our outlook for the fourth quarter and full year of 2022. The words anticipate, believe, continue, estimate, expect, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any other subsequent date. Please keep in mind that we are not obligating ourselves to revise our public release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2021, filed with the SEC on February 11, 2022, and which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter ended September 30, 2022, and other filings and reports that we may file from time-to-time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog's performance should be considered in addition to, not as a substitute for or in isolation from GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog CEO, Shlomi Ben Haim, Shlomi?
Shlomi Ben Haim, CEO
Thank you, Jeff. Welcome, everyone, to our third quarter earnings call. I'm proud to report that JFrog had another strong and successful quarter. In Q3, we surpassed the high end of our guidance across all metrics due to the strength of our platform in DevOps, security, and IoT. Our third quarter revenue was $72 million, showing a 34% increase year-over-year. Cloud revenue rose by 60% year-over-year, fueled by increased adoption of our platform and ongoing customer migration to cloud and hybrid environments. We continue to see a growing list of global enterprise customers integrating JFrog into their DevOps and DevSecOps processes. Customers with annual recurring revenue over $100,000 rose to 696 from 647 in the previous quarter, marking a 49% year-over-year increase. Meanwhile, the number of customers with annual recurring revenue over $1 million grew to 18%, up from 17% in the last quarter and 29% year-over-year. Our trailing four-quarter net dollar retention stood at 130%. The JFrog platform, which is the only binary-focused end-to-end solution, has become mission-critical for our customers as they rely on it as their primary source of tools and record for software delivery. We're honored to be strategic partners with our customers and grateful for their trust. Now, let me highlight a few key points from Q3. First, we saw growth in full platform adoption, highlighting the need for comprehensive DevOps and DevSecOps solutions. Second, there’s increasing interest in our binary-focused security solutions, including our recently launched Advanced Security offering. Third, companies are transforming their software supply chain processes in the cloud while migrating to enterprise DevOps solutions. Lastly, there is a growing demand to integrate DevOps, security, and IoT with connected devices. Starting with platform adoption, we're encouraged by the uptake of our Enterprise Plus subscription by some of the largest enterprises in the world. The increase in Enterprise Plus customers and its revenue contribution reinforces our view that the market requires more sophisticated end-to-end solutions. Customers have shared how they utilize the JFrog platform to manage, secure, and distribute binaries throughout production, emphasizing its importance in their software supply chain. We recently attended Morgan Stanley's Innovation Summit, where their tech leaders reviewed our collaborative plans. Just a few years back, they initiated deployment with self-hosted Artifactory and have since expanded to security and distribution using the JFrog platform both on-premises and in the cloud. Morgan Stanley's Global Head of Enterprise Technology Architecture, Trevor Brosnan, described JFrog's vision for a platform that is accessible anywhere as uniquely suited to their needs for modern DevOps at a global scale. We're excited to continue enhancing our platform's capabilities as enterprises increasingly demand a comprehensive binary lifecycle management solution for automating software supply chain security. Turning to our security pillar, we recently launched JFrog Advanced Security, which introduces the first DevOps contract security solution focused on binaries. This is distinct because JFrog serves as our customers' single source for all binaries, whether developed internally or sourced as open-source packages. Binaries contain essential data about their lifecycle, making it crucial for development teams to control and secure the entire software supply chain. Any security tool must either deeply integrate with JFrog Artifactory or build a binary repository. JFrog's new capabilities integrate natively with Artifactory, allowing us to provide security from a unique angle. The concept of robust software supply chain security is straightforward; without control over the binaries, you cannot secure them. Our Advanced Security includes features like leak detection, contextual analysis, and malicious package scanning, moving beyond software composition analysis to secure both sides of Artifactory. The industry recognizes the threats developers face from hackers and events like Log4j, which have highlighted the vulnerabilities in binaries that expose organizations to risk. This combination of comprehensive security with the JFrog platform managing the binary lifecycle addresses the emerging challenges in software supply chain security. We are pleased to see industry leaders like Google Cloud emphasizing binary authentication's significance as part of software supply chain security, and we anticipate more security solutions will recognize binaries as the primary assets to secure in modern software delivery. Regarding cloud growth and migration, JFrog advocates for a hybrid and multi-cloud DevOps strategy that our customers believe will persist. For many enterprises, this vital infrastructure transition is a multi-year endeavor that involves a gradual strategic transformation. Our hybrid approach allows customers to shift workloads at their own pace while meeting necessary standards and regulations. In Q3, we welcomed one of the world's top three automobile manufacturers as a new customer. This multimillion-dollar agreement, completed through partnerships with the cloud marketplace, included full adoption of JFrog's platform, arising from community efforts around Konan. We opened our Clas package manager, favored by automotive and IoT sectors seeking scalable and centralized global development solutions. Their transition from Sonatype Nexus to JFrog aligns with their goal of standardizing on the cloud during the shift towards electric vehicles. Another existing customer, a well-known heavy equipment manufacturer in the U.S., signed a deal for over $500,000 ARR, looking to standardize their software distribution processes and reduce manual tasks across all their delivery pipelines. Looking towards the DevOps for IoT sector, we announced JFrog Connect in Q2, and in Q3 we secured our first large deal utilizing JFrog Connect with the JFrog platform. An international defense electronics firm opted for JFrog to manage the complete DevOps flow for one of Western Europe's advanced military forces, enabling over-the-air software updates for essential equipment. This shifts from the outdated manual update process with flash drives to an automated solution that bridges DevOps and over-the-air capabilities for continuous updates. Binaries, being the only software asset deployed on the device, can now be managed and delivered by Artifactory, continuously secured by JFrog security, extending down to the edge via JFrog Connect. We look forward to working with more customers to enhance this edge adoption, which will increasingly fall on developers' responsibilities. The CEO of Ford Motor Company recently highlighted this digital transformation, stating that Ford aims to lead the next automotive revolution by turning vehicles into data generators that will receive continuous updates. We take pride in that JFrog's vision for liquid software and ongoing updates is becoming a reality. Finally, I want to address the macroeconomic challenges and geopolitical impacts that many of our customers are experiencing. Customers worldwide are exploring ways to enhance efficiency and improve financial operations through vendor consolidation and more strategically targeted investments. With our business efficiency and the growing demand for comprehensive DevOps and security solutions, we are well-positioned to handle economic hurdles. We recognize that customers may seek to use fundamental infrastructure like the JFrog platform to consolidate DevOps and DevSecOps tasks, replacing outdated processes or point solutions. However, we are not insulated from macroeconomic challenges, as we've noticed extended sales cycles, additional budget approval processes, and delayed projects. As we approach the final quarter of the year, I want to reaffirm our goal of finishing the year at breakeven while managing a robust business that creates value for shareholders, innovates in the DevOps space, and serves thousands of customers while supporting a diverse team globally. Before I hand the call to Jacob, I would like to welcome Yvon Wossner to the JFrog Board. With over 30 years of expertise in enterprise software, cybersecurity, and cloud, Yvon joins us with extensive industry knowledge that will help accelerate our growth in DevOps, security, and IoT markets. Now, I’ll turn the call over to our CFO, Jacob Shulman, for a detailed review of our Q3 results and our outlook for Q4 and the fiscal year 2022. Jacob?
Jacob Shulman, CFO
Thank you, Shlomi, and good afternoon, everyone. During the third quarter, total revenues were $72 million, up 34% year-over-year. Expansion in our cloud business continued with revenues of $21 million, up 60% year-over-year, representing 29% of total revenues, driven by new customer wins and increased usage within security and DevOps solutions. We are pleased with the continued growth momentum in our SaaS business despite some optimization of usage by our customers that we experienced during the quarter. We saw customers adjusting their usage patterns to get some cost savings as well as utilize better pricing by moving from PayGo subscription to minimum annual commitments. Nevertheless, we believe our SaaS business will continue to grow rapidly by expanding DevOps and security solutions as well as new customer lands on the cloud. We reiterate our belief that the baseline growth rate for our cloud business remains in the mid-50s percent range with potential upside from customer usage as we have seen so far in 2022. Self-managed revenues for on-prem were $51 million, up 26% versus the third quarter of 2021. On a year-over-year basis, growth in our self-managed revenues continues to be persistent, even as the vast majority of our new customers are first landing on the cloud and many large on-prem customers are gradually migrating toward hybrid deployments. We believe JFrog's hybrid solution allows freedom of choice, providing more control over how and when customers transition to the cloud. We view our support for hybrid, coupled with continued growth in self-managed deployments as future drivers of solid growth in our on-prem business. Net dollar retention for the four trailing quarters was 130%, in line with our prior commentary. As of the quarter's end, we had 696 customers with ARR of over $100,000, up from 647 customers as of June 30, 2022, and up 49% from 466 at the end of Q3 of 2021. We also grew the number of over 1 million ARR customers to 18, up 29% year-over-year. As we discussed in the past, adoption of the full platform is a key factor in the increasing size of our customers. In Q3 of 2022, 39% of our revenue came from enterprise plus customers, up from 34% in Q3 of 2021. Now let me discuss the income statement in more detail. Gross profit in the quarter was $60.6 million, representing a gross margin of 84.2% compared to 84.5% in the year-ago period. We expect gross margins to remain between 83% and 84% in the near future and then turn toward the low 80s over the long term as cloud revenues become a greater portion of our total revenue. Operating expenses for the third quarter were $59.4 million or 82% of revenues, up from $44.1 million or 82% of revenues in the year-ago period. Our operating expenses grew approximately $600,000 sequentially as we initiated previously announced operational efficiencies. While we continue to invest strategically within R&D and build out our enterprise sales and channel relationship for the long term, we also have continued to look for ways to enhance productivity and reduce costs. Non-GAAP operating profit in Q3 was $1.2 million or 1.7% operating margin compared to an operating profit of $1.3 million or a 2.5% operating margin in the year-ago period. We turned back to profitability this quarter as non-GAAP net income in the quarter was $1.8 million, with earnings per share of $0.02, based on approximately 105 million weighted average diluted shares outstanding compared to a loss per share of $0.02 in the previous quarter. Turning to the balance sheet and cash flow. We ended the quarter with $434 million in cash and short-term investments, up from $430.2 million as of June 30, 2022. Cash flow from operations was $5.1 million in the quarter. After taking into consideration CapEx, free cash flow was $3.8 million. We remain committed to accelerating our free cash flow margin towards our long-term target of 30% over the coming years. As of September 30, 2022, our remaining performance obligations totaled $189.8 million. As Shlomi noted, the overall global macro environment remains challenging. However, I'm proud to say that our renewal rates remain high, usage remains high and some of the world's biggest companies are turning to JFrog to make them more efficient, secure and scalable. We have already implemented some cost savings initiatives, and we'll continue to do so as we navigate these uncertain times. We remain consistent with our forward guidance methodology, working to balance the macro challenges faced by the global economy and the opportunities we see to expand JFrog's role in the software supply chain. For Q4, we expect revenue to be $76.5 million to $77.5 million, with non-GAAP operating profit between $1 million and $2 million and non-GAAP earnings per diluted share of $0.01 to $0.02, assuming a share count of approximately 106 million shares. For the full year of 2022, we anticipate a range between $280 million and $281 million. Non-GAAP operating income is expected to be between $1 million and $2 million and non-GAAP earnings per diluted share of $0.01 and $0.02, assuming a share count of approximately 106 million shares. We guided to breakeven levels for fiscal 2022 and even with the headwinds created by the current environment, we'll continue to execute on this commitment. Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Shlomi?
Shlomi Ben Haim, CEO
Thank you, Jacob. As I'm wrapping up, I'd like to thank my team. I'm proud and honored to walk alongside the team driving this groundbreaking innovation. We look forward to partnering with our customers to drive their digital transformation and adopt a modern DevOps security and IoT solution with our platform. Thank you all for your attendance today and may the Frog be with you. And now we'll be happy to take your questions.
Operator, Operator
Thank you, sir. We're going to take our first question from Mike Cikos, Needham & Company.
Mike Cikos, Analyst
Hi guys, thanks for taking the questions here. I wanted to circle up on some of the commentary regarding the macroeconomic environment. And I know that you guys are saying, hey, you're not immune. We are still seeing longer sales cycles, additional process approvals and these budget delays? I know that we had called out some of these factors last quarter when we last caught up. Can you help us think about how your sales cycles are extending? Are they getting worse versus where we were three months ago or is it spreading to different geographies versus what we were calling out last quarter? Any color there would be helpful?
Jacob Shulman, CFO
Hi Mike, this is Jacob. I will take this question. So overall, we see pretty comparable sales cycles compared to last quarter. We did see slightly more weakness in Europe this time, partially driven also by stronger currency. As you know, which are our customers in U.S. dollars, and we've seen that strong dollar kind of makes our customers in Europe think a bit longer before they commit to the project. But overall, we don't see any significant changes in sales cycle lag.
Mike Cikos, Analyst
Thank you for that. And if I could just squeeze in maybe two quick ones here, I know in the prepared remarks you guys had called out, I believe it was a competitive displacement versus Sonatype Nexus and just curious, can you help us think about when you are seeing those out there, who are the most common competitors that you're bumping up against? Has there been any change on the competitive front?
Shlomi Ben Haim, CEO
Yes, hi Mike, this is Shlomi, I will take this question. So yes, we mentioned the large deal that we obtained this quarter and displaced some of those competitors. In terms of the holistic platform that is focused on binaries, I think JFrog stands first, and we see less competition there. But if you break the platform into different capabilities, obviously, in the world of security, we see some point solutions that compete in the static analysis area and developer security. On the package management front, obviously, there are some solutions that are very limited in terms of the universality of the packages and the binaries they support. But we don't see any vendor providing a full platform that focuses on the binaries and secures your software supply chain, manages your binaries and also the distribution to the edge, more what we see at the front is homegrown solutions that we are replacing and some emerging technologies that are trying to get into this market.
Operator, Operator
Next up, we'll hear from Brad Reback, Stifel.
Brad Reback, Analyst
Great, thanks very much. Jacob, on your optimization commentary on the SaaS product will that convert here into Q4 or was that pretty much confined from your standpoint to the September quarter?
Jacob Shulman, CFO
It really depends on when customers initiated those changes. We've seen customers kind of gradually introducing those. We still believe that our SaaS business will continue to grow rapidly. We reiterated our baseline for our sales growth at mid-fifties with potential upside from use as you know, Brad, we continue to introduce new capabilities in the cloud and to present additional expansion opportunities for us. So we're confident that our cloud will continue to grow rapidly.
Brad Reback, Analyst
That's great. And then Shlomi, do you still feel pretty good about your ability to sustain 30% organic growth, as you've talked about historically?
Shlomi Ben Haim, CEO
Yes.
Operator, Operator
Our next question today comes from Kingsley Crane, Canaccord.
Kingsley Crane, Analyst
Hi, thanks for taking my question. So overall, your business appears to have held up quite nicely. I just want to take a step back, how sensitive do you think your platform is to cost rationalization in general? And do you think the nature of your platform makes it more defensible?
Jacob Shulman, CFO
Hi Kingsley, can you please repeat the question?
Kingsley Crane, Analyst
Yes, so do you think - or how sensitive do you think your platform is to cost rationalization? And do you think the nature of your platform makes it more defensible versus something like a monitoring platform, for example?
Jacob Shulman, CFO
Yes, I'll take and then Shlomi please feel free to chime in. First of all, we provide a lot of value to our customers. Our platform helps to significantly improve efficiencies of the software delivery process, and it is mission-critical tool for many of our customers. Therefore, we believe that despite the fact that customers may be trying to utilize some optimization effort on SaaS, there is still significant need for them to expand our platform usage because they generate significant value from streamlining the software delivery processes.
Shlomi Ben Haim, CEO
Yes, regarding the platform, I think that what we hear from our customers is that they are looking to consolidate point solutions into one solution that is centralized around the software supply chain. Software supply chain is being managed through the binaries, this is what you asked and this is what you promote, this is what you distribute, and this is what you secure with the latest release of JFrog Advanced Security with the release of JFrog Connect. We are actually providing our customers with portability to take the binaries from the development phase all the way to the deployment at the edge. Customers find that very appealing, plus the fact that it's available as an on-prem solution and cloud solution on almost every cloud in every region. So that's becoming an essential part of the decision when you speak about the essential infrastructure migration in our customer set.
Kingsley Crane, Analyst
Really thank you, that's really helpful. And just one follow-up would be I want to talk more about your large Connect deal. What did you learn in the process that can help with other deals going forward? And how would you gauge overall customer demand?
Jacob Shulman, CFO
Yes, well, JFrog Connect is something that we announced in Q2 in addition to our platform. And we were very, very excited to see that the large project, a defense project in one of the European militaries, decided to take the leap after using Artifactory and X-ray, Artifactory to all the binaries, X-ray to secure them, to take the binaries all the way to the edge. Software updates over the edge is the future. And as we said in the past, security became part of the developer's task, we know that in the future, deployment to the edge, over-the-air updates will be part of the developer desk. So building that as part of our platform, being able to deploy these updates over the air while the combat vehicle is running is a big, big change. Currently, in the market, JFrog is the only platform that provides this capability.
Kingsley Crane, Analyst
Okay, very helpful, thank you.
Operator, Operator
Our next question today comes from Bob Guan, Morgan Stanley.
Bob Guan, Analyst
Hi, This is Bob filling in for Sanjit. Just for starters, just to think about your security product strategy. Do you have to change your go-to-market motion or do you have to invest in additional specialist sales teams or security teams to really have your product adopted, or is that the way to think about it?
Shlomi Ben Haim, CEO
Yes, that's a very good question. Thank you, Bob. JFrog Advanced Security was released just a few weeks ago. And what we see from the market is that the excitement and the interest around it really shows a very high demand for what we've released. But we have to think about why it's unique. It's unique because of the technology that is focused on the binary, which is the only way to control and manage your software supply chain. It's also unique because it comes with the platform. So not a point solution that focuses on one capability that you need in your software delivery process, but the full holistic end-to-end solution together with the registry, with the repository distribution and so on. In terms of the go-to-market, as we introduced in our updated pricing page to our two new packages that include JFrog Advanced security on top of the DevOps capabilities, that's a new product line that we will keep investing in, and you will see more and more evolution of our security at the core. Regarding the sales force, obviously, we have experts in the domain, not only on the sales side, but also the solution engineers and the architect side, and the idea of having a full solution requires people to understand not only security and what is the pain that we are solving for our customers, but how this is embedded into a full platform play. So the answer is yes on the three aspects, the technology, the full platform and the go-to-market and the sales to market.
Bob Guan, Analyst
Okay. That's really helpful. Just a follow-up question on the Advanced Security pricing. If, let's say, a current DevOps customer is spending about $100 today, how much of that would go to the Advanced Security? Like if they were to adopt Advanced Security, how much of that $100 would go towards that?
Shlomi Ben Haim, CEO
We are currently in the introductory phase of our Advanced Security subscriptions. As you may have noticed, the pricing for monthly customers has increased to $3,400 per month. For platform users, the pricing is customized and varies based on the volume and methodology they use to scan their binaries. It is important to note that this is a usage-based business model and we are still learning how customers will utilize it and their patterns. We just launched this about two weeks ago, so it's too early to determine the immediate impact on customer distribution. However, we strongly believe that Advanced Security will significantly drive our revenues over time. I’d like to expand on what Jacob mentioned by emphasizing two key points about our go-to-market strategy for Advanced Security. First, we are aligning the value of our technology with customer needs, charging based only on the artifact scans per binary. As Jacob noted, it’s a consumption model in Advanced Security, whether it’s an on-prem or cloud installation. Second, it’s crucial to understand that JFrog's security capabilities and some features highlighted in the earnings call replace multiple point solutions. Thus, when considering developer spending, you can see the replacement of several security tools across the software supply chain.
Operator, Operator
We'll go now to Pinjalim Bora from JPMorgan.
Pinjalim Bora, Analyst
Great. Congrats on the call. Thanks for taking the questions. One question on Advanced Security staying on the pricing question. We noticed that you kind of folded the optional x-ray price, I believe, with the enterprise X. Previously, it used to be optional. Now it seems like it's not. Is that a change for new customers? How would that impact existing customers if they have to choose a higher pricing when they come for now? Maybe some color there would be helpful.
Jacob Shulman, CFO
Yes, I'll address that question. For self-managed customers, we made some mandatory changes some time ago. Starting in the second quarter of 2021, we eliminated the enterprise subscription option and made the enterprise ex-subscription mandatory. Therefore, nearly all self-managed customers currently have an additional mandatory component of the Enterprise subscription, which includes X-ray. Advanced Security requires X-ray, so only customers with X-ray can take advantage of Advanced Security features. Consequently, we see enterprise X customers and rise Plus customers utilizing those security capabilities. In our cloud sales business, we also made a slight adjustment to our subscription structure to benefit enterprise customers. Typically, our customers tend to use volumes that surpass a package, which means it doesn't significantly impact our overall business.
Pinjalim Bora, Analyst
I see. Understood. Okay. And is it possible to quantify the cloud optimization adjustments that you thought that customers made? Any way to quantify that? What was the impact in Q3?
Jacob Shulman, CFO
Again, it's primarily affecting customers who use the pay-as-you-go business model. Our annual customers, as you know, have a minimum commitment. Overall, we observe that both pay-as-you-go and annual commitment usage continue to grow. However, the usage among basic customers can be unpredictable from one period to another. We did see some fluctuations during Q3. It’s challenging for us to quantify this precisely, as such volatility often results from the timing of various projects and initiatives. We are aware that some customers are optimizing their usage because we communicate with them to gain insight into their future plans and how we can help them grow, but quantifying this is quite difficult.
Operator, Operator
Our next question is Jason Ader, William Blair.
Jason Ader, Analyst
Jacob, did you guys provide an initial view on 2023? Or is that something you're willing to talk about?
Jacob Shulman, CFO
No, we currently are not providing any guidance for 2023. As Shlomi noted, we see a lot of opportunities for us to continue to grow within existing customers. We introduced new capabilities on cloud and on-prem. But still, we said that we're not immune ahead of macroeconomic environment, and we filled earnings. So therefore, we're not ready to guide for 2023.
Jason Ader, Analyst
Okay. So you're going to wait till next quarter, basically.
Jacob Shulman, CFO
Yes.
Shlomi Ben Haim, CEO
Yes. Jason, in terms of the go-to-market and as the market follows, we've been very consistent with adding more capabilities and reinforcing our platform. Today, JFrog supports the world's biggest enterprises, and we have to scale to the level of expectations. So what you see us adding not only on the DevOps front, but also on the security front, together with the Vdoo acquisition on the IoT front, together with the Upswift acquisition. All the services around that with special support and operational services if needed, the hybrid methodology that allows enterprises to migrate some workloads to the cloud and still have the on-prem instances, this is very much aligned with what we see in the market. Obviously, most of the value we bring comes at the enterprise level. And you also see that in the numbers, the number of customers over $100,000 number of customers over $1 million, the number of platform adoption really encourages us that we are making the right decision at the go-to-market and the technology that leads that.
Jason Ader, Analyst
And you talked about cloud marketplace, does that become a more significant channel for you?
Shlomi Ben Haim, CEO
Yes. So we invest a lot in co-marketing and co-selling together with all clouds. We have great relationships with the major clouds, and we expand that. The philosophy of multi-cloud also finds very high demand from big organizations that need to follow some regulation and strategic decisions. So having this private offer co-selling at the marketplace, having this collaboration with the cloud, obviously increases our ability to grow with our customers and to land at higher volumes in new customers.
Jacob Shulman, CFO
If we just may add to that, Jason, it's when the customer has commitment to large cloud providers, it's much easier for us to work after marketplace. It's therefore, the majority of our largest deals in cloud came through the marketplace and we work together with this cloud to close those deals.
Operator, Operator
We will now hear from Michael Turits, KeyBanc Capital Markets.
Unidentified Analyst, Analyst
This is Billy on for Michael. I want to ask about last quarter when you mentioned similar macro challenges, like longer deal cycles and more layers of approval. Have you made any adjustments to your sales strategy or how your team approaches deals to address this increased scrutiny? Thanks.
Jacob Shulman, CFO
Yes, we are definitely taking a more proactive approach, recognizing that it may take our customers longer to finalize deals. We reach out to them sooner and collaborate closely to better understand their plans, and sometimes even engage with partners like cloud alliances to assist customers in accelerating projects related to cloud migration.
Shlomi Ben Haim, CEO
Michael, if I may add to it. The other side of it is that when you come with a platform, a full platform, a robust, scalable platform that also comes with a hybrid story, there is a very good chance that JFrog will displace a few vendors. And what we see in the end market is that part of preparing themselves for a recession is also consolidating different solutions into one. So we are planning, as Jacob mentioned, we are going proactive with that. I think that we have a great story to tell not just from the technology side, but also from the end-to-end solution side.
Operator, Operator
We now go to Rob Owens, Piper Sandler.
Ethan Weeks, Analyst
Hi, thanks for taking my questions. This is Ethan Weeks on for Rob Owens. I wanted to ask about the enterprise plus mix as a percent of revenue. It looks like it was really strong this quarter, up to 39%, a big quarter-over-quarter increase compared to what we've seen in the past couple of quarters. I'm just curious if you guys are seeing some broader consolidation tailwinds or some of these more Advanced Security capabilities are customers move up compared to historical levels? Thanks.
Jacob Shulman, CFO
I will take that question. The reason for growth, and we're very encouraged by this growth, I'm happy to see this growth in our enterprise class solution is continued adoption of our end-to-end platform capabilities. Specifically, many customers realize that it's not enough for them just to be efficient on the developer side - development side of the software. They need to take software to the market. Our distribution capabilities help them to achieve that. Therefore, we see more and more customers adopting the platform to utilize this full DevOps flow all the way from developer to the market. We continue to see that the primary reason for adoption of the platform distribution capabilities, Advanced Security will also be available for enterprise plus customers. Again, so far, we launched that on cloud only, and it will become available for self-hosted customers early in 2023. So, so far with the numbers you see, they're not impacted by Advanced Security because we just launched early in Q4. It just continuous adoption of DevOps practices end-to-end solution offered by JFrog. And JFrog is the only company today that offers these capabilities.
Ethan Weeks, Analyst
Got it. That makes a lot of sense. And then just as a follow-up, I was curious about the performance of the U.S. Federal in the quarter, what did you see? And how did it trend compared to your expectations going into the quarter? Thanks.
Jacob Shulman, CFO
Our U.S. federal business is relatively material and we haven't seen any significant changes so far, just because it's.
Operator, Operator
We'll go next to Mike Cikos for a follow-up.
Mike Cikos, Analyst
Hi guys. Thanks for letting me back on here. I did just want to try and take another stab. Maybe some of this macro volatility or customer behavior when we're thinking about the pay-as-you-go customers versus those utilizing those minimum annual commitments. Maybe it would be helpful just to have broad brush strokes here, but can you help us think about the percentage of your revenue or the percentage of your customer base that currently uses pay-as-you-go? I think that might help people start to get a better feel for how these customers are trying to adjust their spend in the current environment. Any color there would really be helpful.
Jacob Shulman, CFO
Yes. Today, pay-as-you-go is about one-third of our SaaS business. So a majority of our SaaS business is annual, a typical customer journey would be when a small customer lands on pay-as-you-go, they continue to use the platform and capabilities when they reach a certain level of usage that would typically transition to annual minimum commitment because they already understand the capabilities and see the value, and because they can get some price discounts because of the annual commitment, and that's what they use. So we see more and more customers joining on cloud to pay-as-you-go; we continue this group continue to grow. Each of the customers could be volatile again as it could be a result of adopting new capabilities, optimizing, timing of the project, et cetera. But overall, the trend of this customer group is up, and we're encouraged to see that as a group, these customers continue to grow, despite the fact that some of them transitioned during the quarter to the minimum annual commitment.
Shlomi Ben Haim, CEO
Plus the fact, Mike, that what Jacob mentioned is the natural cloud flow. We also see a trend of migrating to the cloud. And these are customers that are using our on-prem solution and are already familiar with the platform, already familiar with the technology and the services and migrating to the cloud, while they are doing that, usually, they will end immediately on an annual contract to not start all the way from the beginning.
Operator, Operator
Next up, we'll hear from Ittai Kidron, Oppenheimer.
Ittai Kidron, Analyst
Thanks. A couple of questions from me. First on the gross margin. It did tick up quarter-over-quarter even though your cloud mix is higher. So Jacob, maybe kind of walk us through that a little bit what's behind that?
Shlomi Ben Haim, CEO
That's continued effort to improve efficiency of our cloud, some operation operating cost-saving initiatives which evolving process. We continue to do that. And that's the reason for our cloud to be for overall margins to be better because our margins on our SaaS business improved during the quarter.
Ittai Kidron, Analyst
Good. So we should not assume any gross margin deterioration in the future as cloud goes up in mix. Good.
Shlomi Ben Haim, CEO
Still, gross margins for our SaaS business are lower than corporate margins. Therefore, the bigger the portion of our SaaS business, we will see this trend to go to lower areas over churn periods over a long time. Meanwhile, as we said in prepared remarks, we expect the gross margins to stay between 83% and 84% in the immediate future.
Ittai Kidron, Analyst
Okay. All right. Then second question regarding '23. I know Jason tried to get some color on fiscal '23. Are there any kind of puts and takes, though, you want us to keep in mind as we think about '23. And maybe you could talk about how big your renewal base is going to be in that year. Is it got to be average or substantially lower or higher? I don't know, like from a cohort standpoint, what comes up for renewal and how do we think about that?
Jacob Shulman, CFO
Yes. So a majority of our SaaS business is annual for annual contracts; about one-third of the business on SaaS is monthly, two-thirds slightly above that is annual, about 80% of our self-managed business is annual and the rest is not yearly. So we do continue to see significant renewal base every year. We're encouraged to see that the renewals continue to be strong, comparable to historical levels. Churn, again, is very minimal. We have very sticky products. Our cloud continues to grow much faster than self-managed. We will introduce new capabilities to self-managed solutions in 2023 in the security area. So we are entering the year very strong.
Shlomi Ben Haim, CEO
Shlomi here, I'll add one thing to it. When we are looking at essential infrastructure, I believe that you know a company no matter what company, when they bet on an infrastructure, usually, they take a long decision. This is not something that you replace on the developer machine. This is not something that you will create on the individual working station. Therefore, we keep investing in our infrastructure as the platform but customers that are betting on JFrog, those who chose JFrog this year, those who renewed this year, probably looking at the long run as they set up their security and DevOps, essential infrastructure, cloud or on-prem.
Ittai Kidron, Analyst
All right. Well, maybe I can expand on this, Shlomi a little bit. When I think about the current environment, there's an argument to be made, right, on the negative side of it is that in times of financial distress, IT departments are probably trying to do as little as possible and not take risk on your systems and just keep what they have for another year and then evaluate later. On the flip side, your platform now enables customers to consolidate multiple points and create savings. So in this push and pull situation here, how do you think the deck is stacked out for you over the next couple of quarters with the macro environment a bit more challenging. Is it on the net positive or the net negative or perhaps neither here nor there, but we'd love to get your perspective on this.
Shlomi Ben Haim, CEO
That's a very good analysis of what we see. Without dismissing the macro economy, when you look at the advanced security issues in 2022 and 2021, it's clear that the software supply chain security faced significant challenges. This concern is not only highlighted by JFrog but is also being addressed by the White House. New regulations from the British Parliament are emerging that guide how to connect your software supply chain. The global awareness is growing that the only way to fully protect your software supply chain is by safeguarding the binaries. Therefore, I believe that customer organizations and enterprises do not have an option but to upgrade from outdated security solutions. They will need to consider consolidating their security solutions and gaining control over their binaries. JFrog effectively addresses all these aspects. I anticipate an increase in the adoption of our platform, along with the consolidation of a comprehensive DevOps solution that includes robust software supply chain security, rather than just piecemeal solutions offered by some vendors. We provide the best database for security vulnerabilities, with the most updated information, having released more zero-day vulnerabilities than any other vendor globally in 2022. Thus, we are optimistic about what we are building, focusing not only on security but also on integration with a depository.
Ittai Kidron, Analyst
Okay. Maybe if I may, then the last one, Shlomi just on this, and I'm asking this because I don't really know the answer. Are there security threats that are specific to binaries that will not show up in code, but will only show up in binaries. I'm trying to think how specific the threat is to that level of insight that clearly you have a great vantage point to and code repositories don't. So what is unique about binaries that there are threats there that cannot be picked up with normal code scanning?
Shlomi Ben Haim, CEO
I appreciate this question. I will keep it brief because there's no developer who would claim that static analysis alone can secure your software supply chain. Along with binaries comes metadata, defenses, and essential information regarding the flow of these packages. For instance, with Log4j, it’s not just about finding the initial vulnerabilities; it's also about identifying all dependencies used by developers across various environments. With Artifactory, you have a single point of truth, and when paired with JFrog Advanced Security, you're not only utilizing the best data but also gaining control over it. You have the capability to monitor all dependencies associated with the binaries across different fields, teams, and environments, which is something traditional code analysis cannot achieve.
Operator, Operator
Everyone at this time, there are no further questions. I'll hand things back to management for any additional or closing remarks.
Shlomi Ben Haim, CEO
Thank you, everyone, for joining us to our Q3 earnings call. We are very excited about the progress the company has made. And may the Frog be with you. Thank you, everyone.
Operator, Operator
That does conclude today's conference. We would like to thank you all for your participation today. You may now disconnect.