Jfrog Ltd

NASDAQ:FROG

Ladies and gentlemen, thank you for joining us, and welcome to JFrog's Third Quarter 2023 Earnings Conference Call. I'll hand the conference over today to Shanti Ariker, Chief Legal Officer. Shanti, please go ahead.

Good afternoon, and thank you for joining us as we review JFrog's third quarter 2023 financial results, which were announced following market close today via a press release. Leading the call today will be JFrog's CEO and Co-Founder, Shlomi Ben Haim; and Jacob Shulman, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements relating to our future financial performance, including our outlook for Q4 and the full year of 2023. The words anticipate, believe, continue, estimate, expend, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from these expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter ended September 30, 2023, and other filings and reports that we may file from time to time with the SEC.Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as measures of JFrog's performance, should be considered in addition to, not as a substitute for or in isolation from GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those financial -- of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that I would like to turn the call over to JFrog's CEO Shlomi Ben Haim. Shlomi?

Thank you, Shanti, for the introduction, and thanks for stepping in today as we send warm wishes for a fast return to health for Jake Schreiner, our VP of Investor Relations. Greetings from Israel. Good afternoon, everyone, and thank you for joining us. On Saturday, October 7, the nation of Israel awoke to a brutal terrorist attack targeting its civilian population. This strategic event resulted in the loss of innocent lives, including children, women and the elderly. This heartbreaking incident escalated rapidly into an extended war against the terrorist organization Hamas.A few hours into the situation, JFrog, as a global company with a presence in 10 different countries, activated its business continuity plan comprising 3 pillars: first, our internal plan to ensure the safety of our employees in Israel and maintaining communication channels. Second is a technology pillar to ensure continuity of our services, security, cyber defense and R&D. Finally, we activated the plan for external facing activities to ensure continuity of our customers' engagement, support and external communications. I'm pleased to report that our operations are running smoothly, and our employees are safe and accounted for. Notably, the [ counterstrike ] in Israel has not prompted us to change our fiscal year 2023 business goals that we have previously shared with you. We are closely monitoring the situation but remain confident that the company will meet this target. We extend our heartfelt condolence to the families who have tragically lost their loved ones, our thoughts and prayers are with them during this incredibly difficult time. We pray for the safe and fast return of the hostages who have been kidnapped by Hamas. And we hope for the complete recovery of the thousands of individuals who have been injured. With that, I will move to the business.I'm pleased to report that JFrog's third quarter revenue again exceeded our prior guidance, driven by increased cloud consumption, broader adoption of our security solution and growing enterprise scale adoption of the JFrog's software supply chain platform. Our third quarter revenue was $88.6 million, reflecting 23% year-over-year growth. Cloud usage accelerated in Q3, delivering revenue of $30.6 million, increasing 46% year-over-year. We also exceeded our profitability guidance with a non-GAAP profit of $16.6 million, generating $25.4 million in free cash flow. Customers with ARR over $100,000 grew to 848 compared to 696 in the year-ago period, increasing 22% year-over-year. Customers with ARR over $1 million increased by 6 companies in the quarter to a total of 30 versus having 18 customers over $1 million in Q3 of last year. This is up 67% compared to the year-ago period. These results reflect the critical importance of the full JFrog software supply chain platform for software development infrastructure with our 3 pillars of DevOps, security and IoT driving strategic customer value.Now I would like to expand on what made Q3 a strong quarter for JFrog as our investments continue to bear fruit in accordance with the long-term plans we shared with you at the beginning of the year. First, we continue to see growth in large-scale enterprise adoption of our complete software supply chain platform. Next, our comprehensive integrated software supply chain security and the adoption of our built-in end-to-end technology versus built-on legacy point solution scanners. Third, our cloud growth and marketplace channels, driven by our strategic sales team and through our cloud partnerships. And finally, JFrog's expansion into machine learning operations and AI solutions.I'll start with the growth in large-scale enterprise platform adoption. With increasing demand for delivering speed and the need for scalability and regulatory compliance, we are seeing more of our enterprise customers consolidating tools into a comprehensive platform. As an example, one of the largest telecommunication providers in the United States with millions of global users migrated away from a competitive self-hosted solution to the JFrog platform in Q3 with an 8-figure multiyear new business deal to standardize their operations and modernize the DevOps and DevSecOps practices in the cloud. They selected the JFrog platform's end-to-end capabilities, allowing them to build faster using JFrog Artifactory as a single source of record with high availability and efficient redundancy across their entire software development life cycle. They further noted a need to deliver more robust policy management capabilities at scale and bring comprehensive security to their complete pipeline processes. We look forward to partnering with these customers to achieve their goals of on-prem to cloud migration, developer experience upgrades, high availability, universal binary management and a comprehensive software supply chain security implementation. This use case reflects a growing trend of enterprise-wide adoption of the JFrog platform and long-term standardization on JFrog's DevSecOps technologies.At our recent user conference swampUP customer speakers from global companies such as Fidelity, Netflix, Capital One and eBay, just to name a few, all reflected a common trend, a single source of record of your software supply chain requires complete management and control of binaries. A platform that is binary centric from end-to-end is the only way to automate and secure with speed.On that note, I would like to address adoption of our holistic security solutions and the customer trend of tooling consolidation. It's a fact that the software supply chain flow is the flow of binaries, meaning true security can only be achieved with complete control of both binary release cycle as well as binary contents, dependencies and metadata. JFrog continues to deliver security solutions into the market that are aligned with new attach rates and consolidations of point solution under one vendor. For example, JFrog Curation released in July and keynoted at our swampUP conference addresses the real pain of the enterprise around the secure consumption of open source technologies coming from public repositories. In addition, the new release of JFrog Catalog provides a listing of over 4 million third-party software packages sold in public repositories, solidifying JFrog as a single source of truth for the holistic secure management of software packages.While companies' blind spot may be the security of open source and third-party packages, binaries are also built by in-house developers writing first-party code. To achieve end-to-end security coverage, JFrog is taking the security of software releases a step further to the left with the general availability of code scanning capabilities often known as static application security testing or SAST. With these announcements in Q3, JFrog is the first solution in the industry to deliver end-to-end software supply chain security, providing customers complete coverage from core to production. JFrog code scanning with the new SaaS solution protects first-party code. JFrog Curation protects companies from unwanted third-party packages from entering their organizations. And JFrog Catalog provides metadata and augmented information about the company's binaries. Together with JFrog Xray and Advanced Security for secret detection and [ contextual ] analysis, JFrog is the only company that delivers complete security solution with a binary centric approach.Combined with Artifactory, the leading binary repository, JFrog provides a complete DevSecOp solution for your software supply chain. This end-to-end security approach continues to gain traction across verticals. For example, one of the world's largest biotech companies recently adopted our entire security offering on the JFrog platform. Looking to consolidate point solutions, they saw the value of having software supply chain security integrated with their binary management system. We look forward to helping them address their software supply chain security needs holistically as they tell us they intend to migrate away from point solutions such as meant in their tool stack.And another highly regulated industry, a nuclear security group within the United States Department of Energy recently acquired the JFrog platform to improve their software supply chain security posture. One of the cybersecurity specialist in the Nevada National Security Site team, [ Brian Walkman ] noted. A software supply chain platform is necessary for a practical means to meet certain governmental and standard requirements. More importantly, security at all stages of the software development life cycle is necessary for national security interest. Our response is, "JFrog does that."Next, I would like to address growth in cloud adoption, marketplace channel growth and our strategic sales motions. The expansion in the number of our over $1 million ARR customers this quarter demonstrate the continuing focus of our strategic sales team on driving large-scale software supply chain platform implementation with a key partnership of the major cloud providers. For example, one of the world's largest cloud computing and virtualization technology companies came to JFrog looking to implement their DevOps and DevSecOps cloud first strategy. First, looking to host JFrog platform services themselves in the cloud. They rapidly realized they would greatly lower their total cost of ownership due to the lower maintenance and infrastructure costs that would be safe by utilizing JFrog cloud services. With nearly 3,000 developers, this company is working with JFrog to provide a complete end-to-end platform implementation, which they acquired through the Microsoft Azure marketplace through our strategic sales and partner team. We believe our long-term investment in this top-down enterprise sales approach, driven by our strategic team will continue to provide the North Star for JFrog's top shelf customers' growth.Finally, regarding AI and machine learning, we were proud to announce the availability of DevOps and DevSecOps industry-first support for machine learning, model management in the JFrog platform in late Q3. As Katie Norton, senior research analyst for DevOps at IDC noted in her swampUP report, "The ML model management capabilities expand the JFrog platform into an entirely new space and persona, a single system of record that can help automate ML models' development, ongoing management and security alongside all other components packaged into an application offers a compelling alternative." Just as we provided common ground for developers and IT engineers years ago when DevOp started, JFrog now has the opportunity to bring the world of AI and MLOps into the world of DevOps and DevSecOps. Just as companies increasingly placed the demand on development teams to support security they are now pressuring DevOps teams to deliver machine learning and AI capabilities in line with their applications. JFrog now provides a platform for binary management for developers, data scientists, machine learning engineers and the machine themselves. As keynoted at swampUP, JFrog is the first and only repository manager to proxy the most popular public AI and ML model repository hugging phase. We are also the first solution embedding security for ML model to scan models before they are used. Artifactory now natively supports AI models within the JFrog platform to manage and deliver ML capabilities alongside all other binaries within an organization. The AI supply chain is a software supply chain, and we are proud to be addressing this demand on developers.With that, I will turn the call over to our CFO Jacob Shulman, who will provide an in-depth breakup of Q3 financial results as well as update you on our guidance for Q4 and for fiscal year 2023. Jacob?

Thank you, Shlomi, and good afternoon, everyone. During the third quarter, total revenues were $88.6 million, up 23% year-over-year. Our stronger-than-expected revenues in the quarter were driven by continued strength in our cloud business and expansion of large customers on the JFrog software supply chain platform. In the third quarter of 2023, our cloud business saw sequential expansion in customer usage, equaling revenues of $30.6 million, up 46% year-over-year. We are happy to see the acceleration in our cloud business growth driven by continued increase in cloud usage and better collaboration with public clouds to enable large customers on their marketplaces. We reiterate our baseline cloud growth rate of mid-40s during fiscal year 2023. Self-managed revenues or on-prem were $58 million, up 14% year-over-year during the quarter. We continue to see that our customers' road maps and plans are focused on SaaS migration, and therefore, they do not expand their on-prem footprint at the same pace as in prior years. We continue to believe that our security solutions can be a potential catalyst to reaccelerate revenue growth and customer expansion within our self-hosted business.Net dollar retention for the 4 trailing quarters was 119%, a decline of 1 point sequentially. As predicted, NDR is stabilizing, and we continue to expect our net dollar retention rate for the year to be at these levels. Our gross retention continued to be 97% with no change in overall customer churn trends.In Q3, 46% of total revenue came from Enterprise Plus subscription, up from 39% in Q3 of 2022. Revenue from Enterprise Plus subscription grew 46% year-over-year.Now let me discuss our income statement in more detail. Gross profit in the quarter was $74.1 million, representing a gross margin of 83.7%, up by 10 basis points from the second quarter as economies of scale and cost control offset higher cloud revenue contribution. Operating expenses for the third quarter were $62.3 million, up by $100,000 sequentially, equaling 70.2% of revenues compared with $59.4 million or 82.5% of revenues in the year ago period. During the third quarter, we continue to remain focused on expense discipline while investing in scaling our enterprise sales and channel partner teams and introducing multiple new products. Our operating profit in Q3 was $11.9 million or a 13.4% operating margin compared to an operating income of $1.2 million or 1.7% operating margin in the prior year as we continue to execute toward increased profitability as suggested in our long-term model.Third quarter net income equaled $16.6 million or $0.15 per diluted share based on 110 million diluted shares outstanding versus a year ago net profit of $1.8 million or income of $0.02 per diluted share.Turning to the balance sheet and cash flow. We ended the September quarter with $502 million in cash and short-term investments, up from $443 million as of December 31, 2022. Cash flow from operations was a record $26 million in the quarter. After taking into consideration CapEx, free cash flow was $25.4 million, generating a 28.6% free cash flow margin. Our strong free cash flow margin is driven by better-than-expected profitability and strong collection from our customers. We increased our expectations for free cash flow margin in fiscal 2023 and now believe we'll be able to achieve 15% to 16% free cash flow margin. As of September 30, 2023, our remaining performance obligation totaled $235.1 million.Now I'd like to speak about our guidance for the fourth quarter and full year 2023. For Q4, we expect revenue to be between $92.5 million to $93.5 million, with non-GAAP operating profit between $10 million to $11 million and non-GAAP earnings per diluted share of $0.12 to $0.13, assuming a share count of approximately 111 million shares. For the full year 2023, we anticipate total revenues in the range between $345.1 million and $346.1 million. Non-GAAP operating income is expected to be between $32.8 million and $33.8 million, and non-GAAP earnings per diluted share of $0.44 to $0.45, assuming a share count of approximately 109 million shares.Now let me turn the call back to Shlomi Soma for some closing remarks before we take your questions. Shlomi?

Thank you, Jacob. We believe that Q3's strong results showcased the alignment with our long-term strategic growth plans as we continue to meet technology and business goals. To JFrog's tireless global teams, thank you for your focus, solidarity, passion and execution. Q3 is a testament to our resilience. I'm excited to welcome Ed Grabscheid as our new CFO beginning January 1, 2024. Ed brings vast experience prior to his time at JFrog and in the past 4 years as part of our finance leadership. Ed, we are confident that your leadership will continue to drive JFrog's success. From here, I would like to send our CFO, Jacob Shulman, the best of wishes on his next journey. While you will be with us through the end of this year, I'll take the opportunity now to thank you, Jacob, for the years of friendship and partnership. You will always be a frog. I would also like to congratulate Orit Goren, who was recently appointed as our Chief Sustainability Officer, highlighting JFrog's commitment to maintaining and driving responsible business. After many years as our Chief Operation Officer, I want to thank you, Orit, for taking on this very important role.In closing, our thoughts and prayers continue to be with the families affected by the brutality of the terror on Israel. Israel, like JFrog is strong and will prevail. We hope for peaceful and secure days ahead. With that, thank you all for joining us for our Q3 earnings call and may the frog be with you.Now we will be happy to take your questions. Operator?

[Operator Instructions] Our first caller is from Pinjalim Bora from JPMorgan.

This is Noah for Pinjalim. Quite [indiscernible] to hear is everyone is staying safe and congrats, Jacob, it's been great working with you and looking forward to working with you, Ed, as well. Can you maybe just walk us through what you're seeing in terms of the cloud optimization at this point? And any other incremental color you can provide on what drove the acceleration of cloud revenue growth?

Yes, hi Noah. So the trend that we see in Q3 continued positive momentum on cloud usage. As you could see, our revenues accelerated, driven primarily by usage of our large customers and growth of our large customers and marketplaces. So that's very positive. We continue to see that migrations while accelerated a bit from prior quarter is still below prior year levels. And the overall adoption of our enterprise platform solution on marketplaces continue to drive our cloud revenues, and that's the reason for acceleration in the cloud in the quarter.

Next, we have a question from Koji Ikeda, BofA Securities.

Just wanted to follow up on the cloud growth, the strong growth there. And Jacob, you just mentioned the migrations. But earlier in your prepared remarks, you were also talking about Advanced Security and its availability within the self-managed portion that could help reaccelerate that segment of the revenue mix. And so just trying to think of the puts and takes here, thinking out into the future of how we should be thinking about overall migration as a SaaS revenue driver, but also the Advanced Security, which either could help stabilize or maybe even accelerate the self-managed piece? And when could that -- we could start seeing that in that piece of the revenue?

Hi Koji, and thank you for the question. This is Shlomi, I'll take this one. I think that what we see in the cloud and the growth, the 4% to 6% year-over-year growth is also a result of our strategic enterprise sales team together with our partner team. We discussed that earlier this year, the investments that we have done there. This team is focusing on not only migrating customers from self-hosted to the cloud to bring new logos to the cloud. This team is also focusing on looking holistically at the DevOps and DevSecOps requirements of our customers. Therefore, Advanced Security, Curation and the new capabilities that we announced recently at swampUP and before are also included. We spoke about one of the biggest telecommunication in North America that just migrated to the cloud together with JFrog this company also adopted JFrog Advanced Security with a meaningful part of the subscription. The other company, which was discussed, the nuclear security company, also adopted the full platform together with security. So we see some kind of a movement not only to have a DevOps end-to-end software supply chain solutions, but also to have a comprehensive building security within the platform rather than using point solutions.

[Operator Instructions] Our next question is from Sanjit Singh with Morgan Stanley.

Yes, it's nice to hear about you investing in sales and marketing to drive adoption in the large enterprise. But if we look at the last couple of quarters, that as a percentage of revenue has sort of lower, how should we think about that? Is your plan to increase your headcount in that department? Or at this point, you have the needed sales force to drive that adoption?

Yes. Sure. So over the past years, we've made significant investments into our go-to-market capabilities. A few years back, we started building our enterprise sales team, strategic sales team. Then last year, we started building our partnership and channel team. So we continue to make investments, and we built a security overlay and some additional capabilities on holistic top-down approach to go-to-market approach. So those investments started bearing fruit, and that's why we see that S&M investment as a percent of revenue become more scalable and we see more leverage. We'll definitely continue to invest in those capabilities and we'll continue to grow our sales and marketing expenses in absolute dollars. But in the long term, as predicted in our long-term model, we expect to see more leverage and therefore, as a percent of revenue, these expenses will continue to go down in the long term.

We have a question from Miller Jump with Truist & Company.

Congrats on the strong results. I guess, I was just curious, could you talk about maybe the Advanced -- or excuse me, the opportunity you see for Advanced Security and Curation this year going into the fourth quarter, given the concentration of renewals there? And just any color you could give on what you're baking into guidance for that.

Yes. Thank you for this question. As we guided the market, we announced JFrog Advanced Security earlier this year. It's a set of 6 capabilities that are added to the platform. And just last quarter, we announced Curation, which is an additional product that protect the organization from the get-go. We think that what we see here is an adoption of a consolidated security solution, which will become material in the next year. And this is how we guided the market. Currently, we are very pleased with the adoption tens of customers that already adopted this as part of the platform usage. The security additions will become material in the next year.

Next, we have a question from Kingsley Crane with Canaccord Genuity Corporation.

So at swampUP, you mentioned that the products you were releasing were thematically consistent with the growth drivers of cloud and security. So they kind of fit nicely in with the long-term model of 30% plus growth. So as we move forward, how much of that -- how much of your existing product portfolio can contribute to that growth figure? Or in other words, how much more products do we need to be released in order to hit that target?

Thank you, Kingsley. What we announced in swampUP was part of our road map. We announced several tools that support the full software supply chain platform play that we implement in the market. JFrog Advanced Security comes first, then JFrog Curation and Catalog, which was announced and keynoted in swampUP. We are also planning to have some security capabilities on the run time. So shifting right. We added static analysis security on the left to secure real code. And by that, we provide an end-to-end security solution. On top of that, we also announced the AI and MLOps capabilities as part of the platform natively supporting security scanning for ML models and storage of ML models in Artifactory. If you look at the global picture altogether, JFrog platform today provides a full end-to-end solution for DevOps and DevSecOps from code to production. And in the next few quarters, we already have items in our road map to complete even further right to what we discussed.

And if I may add to that. So when we released our long-term model, we already had these new products either at the market -- launched in the market or just about to be launched in the market. So we definitely took those products into account when we released and shared our long-term targets with you.

[Operator Instructions] And our next caller is Ittai Kidron with Oppenheimer.

And Shlomi our thoughts are with you and the whole team in Israel, of course. Shlomi, I wanted to make sure I understand the security side, can customers buy your security solutions without [ Artifacts ] or that's still not a possibility? So when will that happen? And then maybe for you, Jacob, on the expansion rate with all the new product coming along and clearly, with the better execution on the upsell and the traction of $1 million customers. How should we think about net dollar expansion rate here going forward for the next couple of quarters?

Hi, Ittai. What we see as reported is that our net dollar retention stabilized around the 120%, 119% as predicted and as guided. In the self-hosting solutions, since our security solution is based on a per seat model on top of the platform, we look to see some acceleration there. Though our strategy is very focused on the cloud and the cloud migration. And there as well, security will be a strong driver to support the net or retention guidance that we provided. Security, in both cases, both deployment environment, cloud and self-hosted is based on by developer and not only by consumption. So we think it will support the net dollar retention, and it will be aligned with our guidance.

Yes, Ittai [indiscernible] of net dollar retention, this level -- and it's obviously too full for us to provide the guidance for 2024.

Okay. But Shlomi just to make sure I understand, can I buy your security, Advanced Security and Curation without buying Artifacts?

No. Currently, security, our solution security is part of the platform coming with the Artifactory and Xray. In the future, we may consider to have it as a stand-alone solution. Currently, it's a full solution coming with the platform.

And our next caller is Brad Reback from Stifel.

Shlomi as we think about sort of the emergence of AI and ML, large language models, how does that play to help accelerate usage of the cloud Artifactory?

Greetings Brad. AI and MLOps these are technologies that are being adopted rapidly by all organization and also the enterprise are looking into it. As you are familiar with our portfolio, the majority of our customers are enterprise customers with thousands of developers. And to be frank with you, most of them are trying to first kind of put down the playbooks and the regulation of how you use AI, how you secure AI, how you automate it and how you become more efficient with it before you let machine code and build binaries and distribution for you. So we planted the seeds, JFrog is the first and only company in the world that practically provide AI solutions for our customers. We planted the seed not only for DevOps but also for security. Artifactory natively proxy having phase, the public repository. And Xray automatically scan all ML models before they are getting into the system to the software supply chain. With the rapid growth and rapid adoption of AI and MLOps. We believe that this will be just another practice for the JFrog user and will accelerate the adoption of our platform, will put us in a very good position in terms of competition that might come up in the future. And will serve our customers and community better with the universality that we provide. Currently, it's too early to say how will this impact the long-term order?

And our next caller is Jonathan Ruykhaver from Cantor Fitzgerald.

So Shlomi, an interesting point that has come up in discussions we've had with JFrog customers is around the automation that Artifactory brings to third-party CI/CD solutions, and specifically, the significant reduction in build time and in cost savings. Can you just comment on that dynamic? How important it might be when you look at [ news ]. And also, what is the implication to pipeline? Is pipeline last of an opportunity just given how well you work with other CI/CD tools?

Yes. Thanks for this question, Jon. JFrog Artifactory and JFrog platform overall is based on an open RISC API working with all the major CI/CD tools in the market. We are natively supporting GitHub Actions, Jenkins, GitHub, CI/CD, CircleCI and obviously, others. It's also mandatory for everyone who use CI to use the binary repository because the moment you use CI on top of your source code repository, you create a binary. And then the deployment into Artifactory and pulling out from Artifactory by CI/CD and automating the full software supply chain is being made in and out from Artifactory. Regarding JFrog pipeline, JFrog pipeline is accelerating the automation of the JFrog platform, integrates with all the CI/CD tools and help you promote binaries from every quality gate all the way to production. JFrog pipelines also provide a friendly UI for users to manage their dependencies and to manage the source of tools of all binary. We don't see JFrog's pipeline as a catalyst for the adoption of our platform or a major catalyst for ARR. Actually, what we see is that using JFrog pipeline makes our users more faster and secured as they secure their pipeline by using it.

Okay. So it's having a strong impact in terms of the value proposition, but it's not necessarily impacting ARR or the adoption of the Enterprise Plus package, correct?

Correct.

Our next call is from Mike Cikos from Needham & Company.

But I think the first question, if I could, for Shlomi. We were kind of struck last quarter when the company was saying that the optimization headwinds were largely behind the company. And I apologize if I missed this, but can you provide us an update? Does that still stand here where we are today? Is it fair to think that those optimization headwinds for JFrog are now firmly in the rearview mirror? And then I just had one follow-up.

Yes, Mike, we did talk about the usage trends, and we continue to see continued growth of usage. So we do believe that this wave of optimization is behind us. We continue to see the adoption of our platform by larger customers on marketplaces. However, having said that, we also see a slower pace of migrations comparing to prior year. So definitely macro headwinds in terms of impact on pace of migration is still there, but cloud usage continues to grow, and that's a trend that we've been experiencing for a couple of quarters now.

And I think maybe one other item. I think earlier this year as well, I know that the company was trying to adjust its free tier. And I think that you guys had decided to limit the number of users that fell under that free tier and maybe by creating that limited capacity, there was a thought that, that could benefit the model in some capacity from a monetization standpoint. Can you remind us what the initial findings on conversion or benefit to revenue, if any, have come through the model at this point?

Yes, Mike, when we decided to kind of building the top of the funnel without free tier earlier in 2022, the main reason was all the additions that we provided with security and IoT capabilities that you cannot just add on a 3-tier basic DevOp solution. It didn't serve not the strategic product strategy and not the go-to-market strategy, which became top-down, strategic enterprise sales. The conversion that we've seen from the free tier where customers, usually small groups of developers that converted to Artifactory and the power subscription, and we decided that it doesn't serve the top of the funnel, I'm happy to report that you can see that what we have built now with our enterprise sales and the strategic sales bear fruit, one of the results being demonstrated this quarter was the amount of customers that are growing over $100,000 and over $1 million. This is not coming from pre sales as you probably understand.

Our next caller is John Gomez Nick Altmann with Scotiabank.

This is John Gomez on for Nick. Can you talk about how September and October trended from a macro perspective relative to expectations? And whether you have seen any meaningful change in overall like buying propensity from customers?

No, we did not see any changes in the trends in October continued to be comparable with Q3.

Our next caller is from Ethan Weeks with Piper Sandler.

It seems like there's still a large amount of organizations out there using either free or open source binary repository management solutions. And as we think about the amount of innovation and product leases you've had on the security side, do you think this could provide a catalyst maybe for a lot of these organizations to start considering a commercial solution? Or if not, maybe what that catalyst may be in the future as we think about new customer growth and converting some of these onto your platform?

Yes. I'll take this one. We built JFrog to Action from the bottom up from the developers up. And obviously, starting with open sales build the consensus around Artifactory as a single source of record for the organization. What we know now years after is that it takes more than just one open source solution when you want to build a comprehensive software supply chain solution, especially on an enterprise infrastructure level, you have to adopt some security tools, you have to adapt universality, high availability, multi-site topology. And very often, we want to move everything to the cloud, which obviously has nothing to do with open source or not. It's about having it as a service. So for sure, yes, it's a top of finance. A lot of potential customers are looking at the open source before they are trying our tools and the free trial. But the open source is still there, serving us among developers. The enterprise where JFrog where shines it's a very temporary solution and usually being replaced verified.

And our final question comes from Michael Turits with KeyBanc Capital Markets.

This is Billy on for Michael. Just wanted to ask, with Curation crossing between kind of both developers and security, have you seen that acting at all as a gateway to broader conversations with the CISO. Should we think about Curation as the next logical customer expansion from the core product before adopting advance security?

This is a wonderful question. Curation is very, very unique. Because Curation lands on the common ground of the CIO and the CISO. What I mean by that is that companies realize that they can become far more efficient with adopting open source stages by scanning it before it's even getting into the organization. And therefore, Curation is very appealing and growing very fast. The pipeline, we are very pleased with what we see that people immediately understand it. It doesn't matter if you're coming from the security side or the DevOp side, you immediately understand the value of preventing malicious packages to get into your organization to your software supply chain. So we absolutely think that this will accelerate the adoption of our security solution. This is also why on the go-to-market, it's separated from JFrog Advanced Security, but still based on the same business model. In the future, we will add more capabilities that would provide a full comprehensive DevSecOp solution. But already now, we see that nobody is just building from scratch and everybody brings open source packages. And therefore, you want to secure them and to curate them to bless them before they are getting into your software supply chain. Once they are in, then JFrog Advanced Security, take an Xray, take position and secure the pipeline. So my answer is absolutely yes, and I'm looking forward to see how this is changing the landscape of how open source software packages are being used.

Thank you. And there are no further questions at this time. So I will turn the call back to Shlomi for closing remarks.

Well, thank you, everyone. Thank you for taking the time to join us today. We pray for more peaceful, quiet days here in Israel and may the frog be with you. Thank you very much.

And this concludes today's call. Thank you for attending, and you may now disconnect.