JFrog Ltd. (FROG) Q3 2022 Earnings Call Transcript

JFrog Ltd. (NASDAQ:FROG) Q3 2022 Earnings Conference Call November 2, 2022 5:00 PM ET

Company Participants

Jeff Schreiner – VP of IR

Shlomi Ben Haim – CEO and Co-Founder

Jacob Shulman – CFO

Conference Call Participants

Mike Cikos – Needham & Company

Brad Reback – Stifel

Kingsley Crane – Canaccord

Bob Guan – Morgan Stanley

Pinjalim Bora – JPMorgan

Jason Ader – William Blair

Ethan Weeks – Piper Sandler

Ittai Kidron – Oppenheimer

Operator

Ladies and gentlemen, thank you for joining us, and welcome to JFrog’s Third Quarter 2022 Earnings Conference Call.

I’ll hand the conference over today to Jeff Schreiner, VP of Investor Relations. Jeff, please go ahead.

Jeff Schreiner

Good afternoon, and thank you for joining us as we review JFrog’s third quarter financial results, which were announced following market close today via a press release. Leading the call today will be JFrog’s CEO and Co-Founder, Shlomi Ben Haim; and Jacob Shulman, JFrog’s CFO.

During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and including statements related to our future financial performance, including our outlook for the fourth quarter and full year of 2022.

The words anticipate, believe, continue, estimate, expect, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any other subsequent date.

Please keep in mind that we are not obligating ourselves to revise our public release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations.

For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2021, filed with the SEC on February 11, 2022, and which is available on the Investor Relations section of our website and the earnings press release issued earlier today.

Additional information will be made available in our Form 10-Q for the quarter ended September 30, 2022, and other filings and reports that we may file from time-to-time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog’s, performance should be considered in addition to, not as a substitute for or in isolation from GAAP measures.

Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time.

With that, I’d like to turn the call over to JFrog CEO, Shlomi Ben Haim, Shlomi?

Shlomi Ben Haim

Thank you, Jeff. Welcome, everyone, to our third quarter earnings call.

I’m proud to report yet another strong and fruitful quarter for JFrog. In Q3, JFrog exceeded the high end of our guidance across all metrics driven by the strength of our platform across our DevOps, security and IoT pillars. Our third quarter revenue was $72 million, reflecting 34% year-over-year growth. Our cloud revenue increased 60% year-over-year.

This is driven by expanded adoption of our platform and continued customer migration to move the cloud and hybrid environments. The list of global enterprise customers making JFrog a part of their backbone of their DevOps and DevSecOps process also continues to grow. Customers with ARR over $100,000 grew to 696 compared to 647 in the previous quarter, increasing 49% year-over-year.

Customers with ARR over $1 million increased sequentially to 18%, up from 17% in the previous quarter and up 29% year-over-year. Our trailing four quarters’ net dollar retention was 130%. As the single source of tools and system of record for our company software delivery, the JFrog platform, which is the only binary focused end-to-end solution continues to be mission-critical for our customers.

We’re proud to be our customers’ strategic partners and thankful for their trust. Now allow me to elaborate on how this played out in Q3 with some key things. First, the growth in full platform adoption demonstrating maturing needs for end-to-end DevOps and DevSecOps consolidated solutions. Second, a growing interest in our binary focused security solutions, including our recently released Advanced Security offering.

Third, the ongoing transformation of companies managing their software supply chain process in the cloud and enterprise DevOps migration to the cloud. And fourth, the growing need to bridge DevOps and security with IoT and connected devices. Let’s begin with the increased adoption of our platform. We have been very encouraged by the ongoing adoption of our Enterprise Plus subscription by some of the world’s largest enterprises.

The trend of the growing number of Enterprise Plus customers and its increasing revenue contribution supports our view that the market needs more mature end-to-end solutions. Our customers tell us how they use JFrog platform to import, bid, manage, secure and distribute binaries to production and how vital our solution is to their full software supply chain flow.

We recently attended Morgan Stanley’s Innovation Summit, a conference the firm has hosted for 20 years, where the bank tech leadership reviewed our joint plans moving forward. Just a few years ago, they began with an initial deployment of self-hosted Artifactory and expanded to security and distribution, adopting the JFrog platform on-prem and in the cloud.

Morgan Stanley’s Global Head of Enterprise Technology Architecture, modernization and DevOps, Trevor Brosnan, summarize it best, and I’m quoting. “JFrog’s focus and vision to provide published anywhere, available everywhere platform uniquely addresses Morgan Stanley’s needs for a modern DevOp solution with global scale everywhere we operate on-prem, in any cloud and more importantly, near the edge of service. We continue working together to mature the next generation of software distribution with fully managed controls at enterprise scale”.

We are honored to have a visionary like Morgan Stanley as a customer and excited to keep improving our platform players scale as today’s words enterprises demand. a full scalable 360 binary life cycle management to automate their software supply chain security. Second, our security pillar, we recently released our most significant set of security capabilities to date, JFrog Advanced Security.

We introduced the world to the first DevOp contract security solution that is focused on binaries. Why is it unique? JFrog serves as our customers’ single source of tools for all binaries, whether it was built in-house or brought in as open source packages. Binaries are the only way development teams can fully control, automate and secure the entire software supply chain flow as binary includes all the data about how they were created, built, tested and what the other part of application they depend upon or impact.

Any security tool that attempt to provide a software supply chain solution will either need to deeply integrate with JFrog Artifactory or build a binary repository. JFrog has released a set of capabilities that natively integrates with Artifactory. Therefore, JFrog is able to provide security with a unique perspective the concept of better software supply chain security is simple. If you don’t control and own the binaries, you can secure them.

With features like leak secure detection, contextual analysis and malicious package scanning, just to name a few, included in JFrog Advanced Security, we are branching out of the software composition analysis area to secure the left and right of Artifactory. The market acknowledge developers became the targets of hackers and the world already suffered from incidents Log4j [indiscernible] or other vulnerable binaries that exposes the all organization to a risk.

This combination of holistic security with the power of the JFrog platform controlling and watching the binary life cycle will address the need for a new era of software supply chain security threats. We are happy to see industry leaders like Google Cloud, looking at binary authentication as a critical aspect for software supply chain security. We are positive that more security solutions will follow JFrog and acknowledge binaries as the primary asset to secure in a modern software delivery flow.

Third, cloud growth, migration and standardization, JFrog leads the philosophy of hybrid and multi-cloud DevOps strategy and our customers tell us that it is here to stay. For most enterprises, this essential infrastructure migration is a multiyear effort that involves a gradual strategic change over time. JFrog’s hybrid approach enables them to move workloads on pace while adhering the standards and regulations.

In Q3, one of the world’s top 3 largest automobile manufacturers joined JFrog as a new customer — this multimillion dollar deal that was completed in partnership with cloud marketplace included a full adoption of the JFrog platform and notably originated through community efforts around Konan. JFrog opens our Clas package manager, preferred by many automotive and IoT groups.

These customers look at DevOps and deep SaaS solution that can scale and centralize global development. They emphasize the need for binary management, universality, security and distribution, which was perfectly aligned with the JFrog solution. They migrated from Sonopet Nexus to the JFrog platform looking to standardize on the cloud and evolve during the era of electric vehicles.

Another example of shifting DevOps to the cloud with JFrog came from an existing customers, 1 of the most recognizable heavy equipment manufacturer in the U.S., signing a deal with over $500,000 ARR.

In addition to migration, this company was also looking to standardize their software distribution process and remove manual, time-consuming tasks across all their software delivery pipelines. And now to the early emergence DevOps for IoT. In Q2, we announced the availability of J4Connect.

Now in Q3, we saw the first large deal generated by JFrog Connect intend them with the JFrog platform. An international defense electronics company chose JFrog to manage one of Western Europe’s technology advanced on forces full DevOps flow to enable over-the-air software updates to the edge. In this case, the edge is heavy military equipment, such as combat vehicles. In the software Duverne, modern defensive equipment can’t operate without updated software.

However, today, a soldier is required to update each edge with a flash drive manually. In a real-world implementation of our liquid software vision, this process will be automated and will bridge DevOps practices with over-the-air solutions, allowing continuous updates to the field. Again, binaries are the only software asset that is being deployed on the device. — can now be managed and distributed by Artifactory continuously secured by JFK security deployed and monitored all the way to the edge by JFrog Connect.

We look forward to working with more customers to build and mature this adoption at the edge, yet another task that will land on the developer’s plate in the future. The CEO of Ford Motor Company noted it clearly a few weeks ago, as we shared the next era of transformation for his organization and quoting.

The next revolution in auto is digital. And fourth, intends to lead that revolution. We are turning our vehicles into generators of data that will receive continuous updates. We are proud at JFrog liquid software and continuous update vision leads this change and becoming a reality.

I now want to address the ongoing macroeconomic challenges and geopolitical impact. Many of our customers and communities are facing. Customers around the globe are looking at ways to increase efficiency and to improve their cash flow and operations through vendor consolidation and more focused strategic areas of investments.

With our business efficiency and growing market demand for DevOps and security holistic offerings, we are positioned well to face macroeconomic headwinds. We see the opportunity that customers will use an essential infrastructure like JFrog platform to consolidate across DevOps and DevSecOps and replace legacy processes or point solutions. However, JFrog is not immune to these macro-driven headwinds, and we continue to see longer sales cycle, additional budget approval requirements and project delays.

As we step into the last quarter of 2022, I would also like to note that we stayed committed to our plans to finish the year breakeven as we operate and run a solid business that not only build value for our shareholders, innovate and pioneer the DevOps market, serve thousands of customers but also being at home for over 1,000 worldwide.

We take pride not only in our technology and business success, but also its resiliency during trouble times. Before I hand the call to Jacob, I want to extend a warm welcome to the newest member of JFrog Board, Yvon Wossner. With over 30 years of experience in enterprise software, cybersecurity and cloud Yvon lipped into our Board as she brings a rest of industry expertise and go-to-market acceleration strategies that will help drive the company’s advancement in DevOps, security and IoT markets.

With that, I’ll turn the call over to our CFO, Jacob Shulman, who will provide an in-depth recap of Q3 results and update you on our outlook for both Q4 and fiscal year 2022. Jacob?

Jacob Shulman

Thank you, Shlomi, and good afternoon, everyone.

During the third quarter, total revenues were $72 million, up 34% year-over-year. Expansion in our cloud business continued with revenues of $21 million, up 60% year-over-year, representing 29% of total revenues, driven by new customer wins and increased usage within security and DevOp solutions.

We are pleased with continued growth momentum in our SaaS business despite some optimization of usage by our customers that we experienced during the quarter. We saw customers adjusting their usage patterns to get some cost savings as well as utilize better pricing by moving from PayGo subscription to minimum annual commitments.

Nevertheless, we believe our SaaS business will continue to grow rapidly by expansion of DevOps and security solutions as well as new customer lands on the cloud. We reiterate our belief that the baseline growth rate for our cloud business remains in the mid-50s percent range with potential upside from customer usage as we have seen so far in 2022.

Self-managed revenues for on-prem were $51 million, up 26% versus the third quarter of 2021. On a year-over-year basis, growth in our self-managed revenues continue to be persistent, even as vast majority of our new customers are first landing on the cloud and many large on-prem customers are gradually migrating toward hybrid deployments. We believe JFrog’s hybrid solution allows freedom of choice, providing more control over how and when customers transition to the cloud.

We view our support for hybrid, coupled with continued growth in self-managed deployments as future drivers of solid growth in our on-prem business. Net dollar retention for the 4 trailing quarters was 130%, in line with our prior commentary. As of the quarter end, we had 696 customers with ARR of over $100,000, up from 647 customers as of June 30, 2022, and up 49% from 466 at the end of Q3 of 2021. We also grew the number of over 1 million ARR customers to 18, up 29% year-over-year.

As we discussed in the past, adoption of the full platform is a key factor in the increasing size of our customers. In Q3 of 2022, 39% of our revenue came from enterprise plus customers, up from 34% in Q3 of 2021.

Now let me discuss the income statement in more detail. Gross profit in the quarter was $60.6 million, representing a gross margin of 84.2% compared to 84.5% in the year ago period. We expect gross margins will remain between 83% and 84% in the near future and then turn toward the low 80s over the long term as cloud revenues become a greater portion of our total revenue.

Operating expenses for the third quarter were $59.4 million or 82% of revenues, up from $44.1 million or 82% of revenues in the year ago period. Our operating expenses grew approximately $600,000 sequentially as we initiated previously announced operational efficiencies. While we continue to invest strategically within R&D and build out our enterprise sales and channel relationship for the long term, we also have continued to look for ways to enhance productivity and reduce costs.

Non-GAAP operating profit in Q3 was $1.2 million or 1.7% operating margin compared to an operating profit of $1.3 million or a 2.5% operating margin in the year ago period. We turned back to profitability this quarter as non-GAAP net income in the quarter was $1.8 million, with earnings per share of $0.02, based on approximately 105 million weighted average diluted shares outstanding compared to a loss per share of $0.02 in the previous quarter.

Turning to the balance sheet and cash flow. We ended the quarter with $434 million in cash and short-term investments, up from $430.2 million as of June 30, 2022. Cash flow from operations was $5.1 million in the quarter. After taking into consideration CapEx, free cash flow was $3.8 million. We remain committed to accelerating our free cash flow margin towards our long-term target of 30% over the coming years. As of September 30, 2022, our remaining performance obligations totaled $189.8 million.

As Shlomi noted, the overall global macro environment remains challenging. However, I’m proud to say that our renewal rates remain high, usage remains high and some of the world’s biggest companies are turning to JFrog to make them more efficient, more secure and more scalable. We have already implemented some cost savings initiatives, and we’ll continue to do so as we navigate these uncertain times.

We remain consistent with our forward guidance methodology, working to balance the macro challenges faced by the global economy and the opportunities we see to expand JFrog’s role in the software supply chain. For Q4, we expect revenue to be $76.5 million to $77.5 million, with non-GAAP operating profit between $1 million and $2 million and non-GAAP earnings per diluted share of $0.01 to $0.02, assuming a share count of approximately 106 million shares.

For the full year of 2022, we anticipate a range between $280 million and $281 million. Non-GAAP operating income is expected to be between $1 million and $2 million and non-GAAP earnings per diluted share of $0.01 and $0.02, assuming a share count of approximately 106 million shares. We guided to breakeven levels for fiscal 2022 and even with the headwinds created by the current environment, we’ll continue to execute on this commitment.

Now let me turn the call back to Shlomi for some closing remarks before we take your questions. Shlomi?

Shlomi Ben Haim

Thank you, Jacob.

As I’m wrapping up, I’d like to thank my team. I’m proud and honored to walk alongside the team driving this ground checking innovations. We look forward to partnering with our customers to drive their digital transformation and adopt a modern DevOps security and IoT solution with our platform. Thank you all for your attendance today and may the FROG be with you.

And now we’ll be happy to take your questions. Operator?

Question-and-Answer Session

Operator

Thank you, sir. [Operator Instructions] We’re going to take our first question from Mike Cikos, Needham & Company.

Mike Cikos

Hi guys, thanks for taking the questions here. I wanted to circle up on some of the commentary regarding the macroeconomic environment. And I know that you guys are saying, hey, you’re not immune. We are still seeing longer sales cycles, additional process approvals and these budget delays?

I know that we had called out some of these factors last quarter when we last caught up. Can you help us think about how your sales, cycles the extensions, are they getting worse versus where we were three months ago or is it spreading to different geographies versus what we were calling out last quarter? Any color there would be helpful?

Jacob Shulman

Hi Mike, this is Jacob. I will take this question. So overall, we see pretty comparable sales cycles comparable to last quarter. We did see slightly more weakness in Europe this time, partially driven also by stronger currency. As you know, which are our customers in U.S. dollars, and we’ve seen that strong dollar kind of makes our customers in Europe to think a bit longer before they commit to the project. But overall, we don’t see any significant changes in sales cycle lag.

Mike Cikos

Thank you for that. And if I could just squeeze in maybe two quarter here, but I know in the prepared remarks you guys had called out, I believe it was a competitive displacement versus Sonatype Nexus and just curious, can you help us think about when you are seeing those out there, who are the most common competitors that you’re bumping up against? Has there been any change on the competitive front?

Shlomi Ben Haim

Yes, hi Mike, this is Shlomi, take this question. So yes, we mentioned the large deal that we obtained this quarter and displaced some of that taxes. In terms of the full holistic platform that is focused on binaries. I think JFrog sends first, and we see less competition there. But if you break the platform to different capabilities, obviously, in the world of security, we see some point solutions that competes on the static analysis area and developers security.

On the package management, obviously, there are some solutions that are very limited in terms of the universality of the package and the binary they support. But we don’t see any vendor provide a full platform that is focusing on the binaries and secure your software supply chain, manage your binaries and also the distribution to the edge, more what we see at the front it’s homegrown solution that we are replacing and some emerging technologies that are trying to get into this market.

Operator

Next up, we’ll hear from Brad Reback, Stifel.

Brad Reback

Great, thanks very much. Jacob, on your optimization commentary on the SaaS product will that convert here into 4Q or was that pretty much confined from your standpoint to the September quarter?

Jacob Shulman

It really depends when customers initiated those changes. We’ve seen customers’ kind of gradually introducing those. We still believe that our SaaS business will continue to grow rapidly. We reiterated baseline for our sales growth at mid-fifties with potential upside from use as you know, Brad, we continue to introduce new capabilities in cloud and to present additional expansion opportunities for us. So we’re confident that our cloud will continue to grow rapidly.

Brad Reback

That’s great. And then Shlomi, do you still feel pretty good about your ability to sustain 30% organic growth, as you’ve talked about historically?

Shlomi Ben Haim

Yes.

Brad Reback

Perfect, thanks very much.

Operator

Our next question today comes from Kingsley Crane, Canaccord.

Kingsley Crane

Hi thanks for taking my question. So overall, your business appears to have held up quite nicely. I just want to take a step back, how sensitive do you think your platform is to cost rationalization in general? And do you think the nature of your platform makes it more defensible?

Jacob Shulman

Hi Kingsley, can you please repeat the question?

Kingsley Crane

Yes, so do you think – or how sensitive do you think your platform is to cost rationalization? And do you think the nature of your platform makes it more defensible versus something like a monitoring platform, for example.

Jacob Shulman

Yes, I’ll take and then Shlomi please feel free to chime in. First of all, we provide a lot of value to our customers. Our platform helps to significantly improve efficiencies of the software delivery process, and it is mission-critical tool for many of our customers.

Therefore, we believe that despite the fact that customers may be trying to utilize some optimization effort on SaaS, there is still significant need for them to expand our platform usage because they generate significant value from streamlining the software delivery processes.

Shlomi Ben Haim

Yes, well, regarding the platform I think that what we hear from our customers is that they are looking to consider the point solution into one solution that is centralized around the software supply chain. Software supply chain is being managed through the binaries, this is what you asked and this is what you promote, this is what you distribute, and this is what you secure with the latest release of Chief of Event Security with the release of JFrog Connect.

We actually provide our customers with portability to take the binaries from the development phase, all the way to the deployment at the edge. Customers find that very appealing, plus the fact that it’s available as an on-prem solution and cloud solution on every cloud almost in every region so that’s becoming an essential part of the decision taken when you speak about the essential infrastructure migration in our customer set.

Kingsley Crane

Really thank you, that’s really helpful. And just one follow-up would be I want to talk more about your large Connect deal. What did you learn in the process that can help with other deals going forward? And how would you gauge overall customer demand?

Jacob Shulman

Yes well, JFrog Connect is something that we announced in Q2 in addition to our platform. And we were very, very excited to see that the large project, a defense project in one of the European militaries, decided to take the leap after using Artifactory and X-ray, Artifactory to all the binaries, X-ray to secure them to take the binaries all the way to the edge. Software update over the edge is the future.

And as we said in the past, security became part of the developer’s task, we know that in the future, deployment to the edge, over-the-air update will be part of the developer desk. So building that as part of our platform, being able to deploy this update over the year as the combat vehicle is running is a big, big change. And currently, in the market, JFrog is the only platform that provides this capability.

Kingsley Crane

Okay very helpful, thank you.

Operator

Our next question today comes from Bob Guan, Morgan Stanley.

Bob Guan

Hi, This is Bob filling in for Sanjit. Just for starters, just to think about your security product strategy. Do you have to change your go-to-market motion or do you have to invest in additional specialist sales teams or security teams to really have your product adopted or is that the way to think about it?

Shlomi Ben Haim

Yes, that’s a very good question. Thank you, Bob. JFrog Advanced Security was released just a few weeks ago. And what we see from the market is that the excitement and the interest around it is really shows a very high demand for what we’ve released. But we have to think about why it’s unique. It’s unique because of the technology that is focused on the binary, which is the only way to control and manage your software supply chain. And it’s also unique because it comes with the platform. So not a point solution that focus on one capability that you need in your software delivery process, but the full holistic end-to-end solution together with the registry, with the repository distribution and so on.

In terms of the go-to-market, as we introduced in our updated pricing page to our two new packages that includes JFrog Advanced security on top of the DevOps capabilities and on top of, that’s a new product line that we will keep investing in, and you will see more and more evolution of our security at the core.

Regarding the question of the sales force, obviously, we have experts in the domain, not only on the sales side, but also the solution engineers and the architect side, and the idea of having a full solution requires people to understand not only security and what is the pain that we are solving for our customers, but how this is embedded into a full platform play. So the answer is yes on the three aspects, the technology, the full platform and the go-to-market and the sales to market.

Bob Guan

Okay. That’s really helpful. Just a follow-up question on the Advanced Security pricing. If, let’s say, a current DevOps customer is spending about $100 today, how much of that would go to the Advanced Security. Like if they were to adopt Advanced Security, how much of that $100 would go towards that?

Shlomi Ben Haim

So currently, in the introductory phase of our Advanced Security subscriptions. And obviously, you saw the pricing to monthly customers, it’s increased to $3,400 per month. platform players, it’s customized price and it’s dependent on the volume and a methodology that customers use to scan their binary. Therefore — and just keep in mind that this is more usage-based business model and we’re still learning the customer — how customers would use that and their patterns. We just launched about two weeks ago. So it’s too soon to tell exactly what would be the immediate impact on customers’ distribution. But we definitely believe that the Advanced Security over time will be a significant driver to our revenues.

I will follow up on what Jacob mentioned and maybe emphasize two things regarding the way we build the go-to-market for Advanced Security. A, we are aligning the value of our technology with the needs of the customers. So we are charging only their artifact scans per binary scanning.

As Jacob mentioned, it’s a consumption model in the Advanced Security, whether it will be an on-prem installation or cloud installation. And B, and this is very important, JFrog security capabilities and some of the features that we mentioned in the earnings call replace several point solutions. So if you think about the developer dollar spend, you can think about displacements of not just one security tool but many across the software supply chain flow.

Operator

[Operator Instructions] We’ll go now to Pinjalim Bora, JPMorgan.

Pinjalim Bora

Great. Congrats on the call. Thanks for taking the questions. One question on Advanced Security staying on the pricing question. We noticed that you kind of folded the optional x-ray price, I believe, with the enterprise X. Previously, it used to be optional. Now it seems like it’s not. Is that a change for new customers how would that impact existing customers if they have to choose a higher pricing when they come for now? Maybe some color there would be helpful.

Jacob Shulman

Yes. So Pinjalim, I’ll take this question. If you call for self-managed customers, we made extra mandatory already some time ago. Effective second quarter of 2021, we eliminated enterprise subscription and made enterprise ex-subscription mandatory. So pretty much every self-managed customer today has extra mandatory portion of the Enterprise subscription.

And obviously, x-ray is also included in enterprise. Now Advanced Security requires x-ray. And therefore, only customers who have x-ray has the ability to utilize Advanced Security capabilities. Therefore, we see these customers enterprise X and the rise Plus customers, those who would be utilizing event security capabilities.

On cloud, on our sale business, — we also made a slight adjustment to our subscription structure to make enterprise customers for the base back. Typically, we see that our customers use and volumes that exceed a package. And therefore, it doesn’t have any significant impact on our business.

Pinjalim Bora

I see. Understood. Okay. And is it possible to quantify the cloud optimization adjustments that you thought that customers made? Any way to quantify that? What was that impact in Q3?

Jacob Shulman

Again, it’s primarily happening to customers who on pay-as-you-go business model. As you know, our annual customers have a minimum commitment. Overall, we see that both groups pay-go and annual commitment usage continues to grow. Now each of the basic customers could be volatile from period-to-period.

And we did see some volatility during Q3. It’s hard for us to exactly quantify that because this volatility sometimes comes also as a result of timing of different projects and initiatives — the reason we noted that, and we know that some of the customers doing optimization is because we talk to the customers to better understand their future plans and how we can expand them, but it’s really hard to quantify that.

Operator

Our next question is Jason Ader, William Blair.

Jason Ader

Jacob, did you guys provide an initial view on 2023? Or is that something you’re willing to talk about?

Jacob Shulman

No, we currently not providing any guidance for 2023. As Shlomi noted, we see a lot of opportunities for us to continue and grow within existing customers. We introduced new capabilities on cloud and on-prem. But still, we said that we’re not immune ahead of macroeconomic environment, and we filled earnings. So therefore, we’re not ready to guide for 2023.

Jason Ader

Okay. So you’re going to wait till next quarter, basically.

Jacob Shulman

Yes.

Jason Ader

Okay. And then for you, Shlomi, can you give us an update on your go-to-market motions and how these have evolved since the IPO? And maybe are there any areas that have surprised you to the upside or the downside?

Shlomi Ben Haim

Yes. Jason, in terms of the go-to-market and as the market follows, we’ve been very consistent with adding more capabilities and reinforce our platform. Today, JFrog supports the world’s biggest enterprises, and we have to scale to the level of expectations. So what you see us adding not only on the DevOps front, but also on the security front, together with the Vdoo acquisition on the IoT front, together with the Upswift acquisition.

All the services around that with special support and operational services if needed, the hybrid methodology that allow enterprise to migrate some workloads to the cloud and still have the on-prem instances, this is very much aligned with what we see in the market. Obviously, most of the value we bring comes at the enterprise level. And you also see that in the numbers, the number of customers over $100,000 number of customers over $1 million, the number of platform adoption really encourage us that we are taking the right decision at the go-to-market and the technology that leads that.

Jason Ader

And you talked about cloud marketplace, does that become a more significant channel for you?

Shlomi Ben Haim

Yes. So we invest a lot in the co-marketing and co-sale together with all clouds. We have great relationship with the major clouds, and we expand that. The philosophy of multi-cloud also find a very high demand from big organizations that need to follow some regulation and strategy decisions. So having this private offer co-selling at the marketplace, having this collaboration with the cloud, obviously increase our ability to grow with our customers and to land on higher volume in new customers.

Jacob Shulman

If we just may to add to that, Jason, it’s when the customer have commitment to large cloud providers, it’s much easier for us to work after marketplace. It’s therefore, majority of our largest deals in cloud, they came through marketplace and we work together with this cloud to close those deals.

Jason Ader

Got you. And the unit economics are better for you when they go through the cloud marketplaces versus selling direct?

Jacob Shulman

Unit Economics is better, yes, correct.

Operator

We will now hear from Michael Turits, KeyBanc Capital Markets.

Unidentified Analyst

This is Billy on for Michael. I just want to ask about — so last quarter, you called out kind of similar macro headwinds like these longer deal cycles and increased approval layers. Just want to see if you made any changes to your selling motion or how your sales team approaches deals now to kind of counter this increased scrutiny. Thanks.

Jacob Shulman

Yes, we’re obviously becoming more proactive, knowing that it may take longer for our customers to close the deal. We contact them earlier. We work closely with them to better understand their plans — and many — sometimes even work with our partners like the cloud alliances to help the customers to maybe accelerate some of the projects from migration to cloud.

Shlomi Ben Haim

Michael, if I may add to it. The other side of it is that when you come with a platform, a full platform, a robust, scalable platform that also comes with a hybrid story, there is a very good chance that JFrog will displace a few vendors. And what we see in the end market is that part of preparing themselves to recession is also consolidating different solution into one. So we are planning, as Jacob mentioned, we are going proactive with that. I think that we have a great story to tell not just from the technology side, but also from the end-to-end solution side.

Operator

We now go to Rob Owens, Piper Sandler.

Ethan Weeks

Hi, thanks for taking my questions. This is Ethan Weeks on for Rob Owens. I wanted to ask about the enterprise plus mix as a percent of revenue. Looks like it was really strong this quarter, up to 39%, a big quarter-over-quarter increase compared to what we’ve seen in the past couple of quarters. I’m just curious if you guys are seeing some broader consolidation tailwinds or some of these more Advanced Security capabilities are customers move up period quarter compared to historical levels? Thanks.

Jacob Shulman

I will take that question. The reason for growth, and we’re very encouraged by this growth, I’m happy to see this growth in our enterprise class solution is continued adoption of our end-to-end platform capabilities. Specifically, many customers realize that it’s not enough for them just to be efficient on the developer side – development side of the software. They need to take software to the market.

And our distribution capabilities help them to achieve that. Therefore, we see more and more customers adopting the platform to utilize this full DevOps flow all the way from developer to the market. We continue to see that the primary reason for adoption of the platform distribution capabilities, Advanced Security will also be available for enterprise plus customers. again, so far, we launched that on cloud only, and it will become available for self-hosted customers early in 2023.

So, so far with the numbers you see, they’re not impacted by Advanced Security because we just launched early in Q4. It just continuous adoption of DevOps practices end-to-end solution offered by JFrog. And JFrog is the only company today that offer these capabilities.

Ethan Weeks

Got it. That makes a lot of sense. And then just as a follow-up, I was curious, the performance of the U.S. Federal in the quarter, what did you see? And how did it trend compared to your expectations going into the quarter? Thanks.

Jacob Shulman

Our U.S. federal businesses are relatively material and we haven’t seen any significant changes so far, just because it’s.

Operator

[Operator Instructions] We’ll go next to Mike Cikos for a follow-up.

Mike Cikos

Hi guys. Thanks for letting me back on here. I did just want to try and take another stab. Maybe some of this macro volatility or customer behavior when we’re thinking about the pay-as-you-go customers versus those utilizing those minimum annual commitments. Maybe it would be helpful just to have like broad brush strokes here, but can you help us think about the percentage of your revenue or the percentage of your customer base that currently uses pay-as-you-go? I think that might help people start to get a better feel for how these customers are trying to adjust their spend in the current environment. Any color there would really be helpful.

Jacob Shulman

Yes. Today, pay-as-you-go, it’s about one-third of our SaaS business. So majority of our SaaS business is annual, a typical customer journey would be when a small customer lands on pay-as-you-go, they continue to use the platform and capabilities when they reach a certain level of usage that would typically transition to annual minimum commitment because they already understand the capabilities and see the value and B, because they can get some price discounts because of the annual commitment, and that’s what they use.

So we see more and more customers joining on cloud to pay-as-you-go, we continue this group continue to grow. Each of the customers could be volatile again as it could be as a result of adopting new capabilities, optimizing, they have spent timing of the project, et cetera. But overall trend of this customer group is up, and we’re encouraged to see that as a group, these customers continue to grow, despite the fact that some of them transitioned during the quarter to the minimum annual commitment.

Shlomi Ben Haim

Plus the fact, Mike, that what Jacob mentioned is the natural cloud flow. We also see a trend of migrating to the cloud. And these are customers that are using our on-prem solution and already familiar with the platform, already familiar with the technology and the services and migrating to the cloud, while they are doing that, usually, they will end immediately on an annual contract to not start all the way from the beginning.

Operator

Next up, we’ll hear from Ittai Kidron, Oppenheimer.

Ittai Kidron

Thanks. A couple of questions from me. First on the gross margin. It did tick up quarter-over-quarter even though your cloud mix is higher. So Jacob, maybe kind of walk us through that a little bit what’s behind that?

Shlomi Ben Haim

That’s continued effort to improve efficiency of our cloud, some operation operating cost-saving initiatives which evolving process. We continue to do that. And that’s the reason for our cloud to be for overall margins to be better because our margins on our SaaS business improved during the quarter.

Ittai Kidron

Good. So we should not assume any gross margin deterioration in the future as cloud goes up in mix. Good.

Shlomi Ben Haim

Still gross margins for our SaaS business lower than corporate margins. Therefore, the bigger the portion of our SaaS business will see this trend to go to low areas over churn periods over a long time. Meanwhile, as we said in prepared remarks, we expect the gross margins to stay between 83% and 84% in the immediate future.

Ittai Kidron

Okay. All right. Then second question regarding ’23. I know Jason tried to get some color on fiscal ’23. Are there any kind of puts and takes, though, you want us to keep in mind as we think about ’23. And maybe you could talk about how big your renewal base is going to be in that year. Is it got to be average or substantially lower or higher? I don’t know like from a cohort standpoint, what comes up. Maybe you could talk about what comes up for renewal and how do we think about that?

Jacob Shulman

Yes. So a majority of our SaaS business is annual for annual contract about one-third of the business on SaaS is monthly, two-thirds slightly above that is annual, about 80% of our self-managed business annual and the rest is not the year.

So we do continue to see significant renewal base every year. We’re encouraged to see that the renewals continue to be strong, comparable to historical levels. Churn, again, very minimal. We have very sticky products. Our cloud continues to grow much faster than self-managed. We will introduce new capabilities to self-managed solutions in 2023 security area. So we entering the year very strong.

Shlomi Ben Haim

Shlomi here, I’ll add one thing to it. When we are looking at essential infrastructure, I believe that you know a company no matter what company, when they bet on an infrastructure, usually, they take a long on decision. This is not something that you replace on the developer machine. This is not something that you will create on the individual working station. Therefore, we keep investing in our infrastructure as the platform but customers that are betting on JFrog, those who chose JFrog this year, those who renewed this year, probably looking at the long run as they set up their security and DevOps, essential infrastructure, cloud or on-prem.

Ittai Kidron

All right. Well, maybe I can expand on this, Shlomi a little bit. When I think about the current environment, there’s an argument to be made, right, on the negative side of it is that in times of financial distress, IT departments are probably trying to do as little as possible and not take risk on your systems and just keep what they have for another year and then evaluate later. On the flip side, your platform now enables customers to consolidate multiple points and create savings. So in this push and pull situation here, how do you think the deck is stacked out for you over the next couple of quarters with macro environment a bit more challenging. Is it on the net positive or the net negative or perhaps neither here nor there, but we’d love to get your perspective on this.

Shlomi Ben Haim

That’s a very good analysis of what we see — without putting aside for a moment the macro economy, when you look at the advanced security, reward in 2022 and 2021 already suffered too much from holes in the software supply chain security. It’s not something that is being articulated by JFrog, the white house is speaking about it. Regulation from the British Parliament is coming with the instruction of how you should connect your software supply chain.

And the world start to understand that there is only one way to fully protect your software supply chain and it’s protecting the binary. So I don’t think that customers organization, enterprise are not actually have a choice. They will have to upgrade the legacy security solution. They will have to look at consolidation of security solutions. They will have to get control over their boundaries. And I think that what JFrog really answers all of the three.

So yes, I’m expecting to see a growth in the adoption of our platform and the consolidation of having a DevOp solution coming with a very strong software subtle supply chain security solution and not point solution or a feature here or it are there or some small research teams that some of the vendors are offering. We offer the best database in the world or security venerability, the most updated one by data, we released more zero-day than any other vendor in the world in 2022. So we are very positive around what we are building, not only for security, but security that comes with a depository as well.

Ittai Kidron

Okay. Maybe if I may, then last one, Shlomi just on this, and I’m asking this because I don’t really know the answer. Are there security threats that are specific to binaries that will not show up in code, but will only show up in binaries. I’m trying to think how specific the threat is to that level of insight that clearly you have a great vantage point to and code repositories don’t. So what is unique about binaries that there are threats there that cannot be picked up with normal code scanning.

Shlomi Ben Haim

I love this question. I will try to make a short because if an earnings call — there is no way. There is no developer in the world that will tell you that with static analysis and social security, you can protect your software supply chain. What comes with binaries is also the meta data and the defenses and everything that you need to know about where this package is flowing to. If you take, for example, the Log4j, it’s not only finding patients zero for Log4j. It’s also finding all the dependencies that all the developers in all deployment environment build with it.

So with Artifactory, it’s your single source of vehicle and with JFrog Advanced Security on top of it, you are not just running on the best data that you control, you actually control. You also have the ability to look at all the dependencies where the binaries are in all different fields, in all different teams, in all different environment. And that is impossible to be done with [indiscernible]

Operator

Everyone at this time, there are no further questions. I’ll hand things back to management for any additional or closing remarks.

Shlomi Ben Haim

Thank you, everyone, for joining us to our Q3 earnings call. We are very excited about the progress the company has done. And may the Frog be with you. Thank you, everyone.

Operator

That does conclude today’s conference. We would like to thank you all for your participation today. You may now disconnect.