JFrog Ltd. (FROG) Earnings Call Transcript & Summary

All right. I'd like to welcome everyone this afternoon to our swampUP 2023 Analyst/Investor event. Thank you very much for all of you coming out and attending. I'm going to have to start off with the typical legalese in terms of forward-looking statements and then pass it over to our panel here. Leading the event today is going to be JFrog's CEO and Co-Founder, Shlomi Ben Haim; CTO and Co-Founder, Yoav Landman; and Jacob Shulman, JFrog CFO. During this event, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance. The words anticipate, believe, continue, estimate, expect, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2022, filed with the SEC on February 9, 2023, which is available on the Investor Relations section of our website. And for additional information, you may find that available in our 10-Q for the quarter ended June 30, 2023, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures may be discussed at this presentation. These non-GAAP financial measures, which are used as a measure of JFrog's financial performance should be considered in addition to, not as a substitute for or in isolation from GAAP measures. With that, I'd like to turn it over to JFrog's CEO, Shlomi Ben Haim.

Well, thank you, Jeff. And thank you, everyone. Thank you, thank you. Thank you, everyone, that joined us here in the swampUP of San Jose, and thank you for everyone that joined via the Zoom call. We -- as you know and as we promised, as we committed, we were working very, very hard to take over the full entire 360 software supply chain management. And today, our keynote included some of the releases that I think you can hear among all the customers that are here for our swampUP user conference. I will just take a few moments to go over what was announced today. Together with me, Yoav Landman, our Co-Founder and CTO, that can answer technical questions, and Jacob Shulman, our CFO, which you well know, that can take all the financial questions. And let's just go over it. Well, boy, we have some interesting announcement today. Let's start with the static analysis scanners and the coverage for source code scanners. SAST is an addition to our JFrog Advanced Security that was announced in the cloud version in -- last October, on-prem version on March. We've realized that the entry point to this kind of service, the service that protect the software supply chain from the inside out starts left to Artifactory, coming all the way from the source code. And developers are expecting to have this kind of protection on their machine, not even on the server side level. So we added static analysis with a very strong integration to the development environment that now can scan your source code as part of the JFrog Advanced Security, which you well know that comes with secret detection, contextual analysis, infrastructure source code and other solutions. The second announcement on the security category was JFrog Catalog. And this is almost natural for JFrog to build a Wikipedia or, as we said on stage, the Google Search of binaries or the LinkedIn of binaries, call it whatever you want. This is how our customers call it. Because this information is already in our hand. In a way, what happened today is that JFrog is not only being the single source of truth for a lot of companies, but also became the data supervisor, the data hoster of all the binaries and the software packages that you bring from outside and that you create and build inside. JFrog Catalog provides you with all the information you need to know about the certain binary and it comes together with JFrog Curation, which was announced in July, last July, just a few weeks ago, in order to automate not only the detection of malicious code or CVEs, but also to remediate and to set policies together with JFrog Curation. One very important piece of announcement that was included today was in the landscape of AI and ML Ops. And I know that you guys are hearing all type of announcements in this field because of, obviously, the hype. But for us, it was just the next logical step. And if you remember during the earnings call, we already said AI models, MLOps models are yet another form of binary. So our customers and our users, the technologists of the world, expect us to support it natively in JFrog Platform. So what we added and announced today is a native support to Hugging Face, the most popular AI public hub, public repository. And now you can cache Hugging Face through Artifactory and to have Artifactory not only as your docker registry or Java registry or Python registry, but also your AI models that are coming from the open source community from Hugging Face. And this is being done automatically with the remote repository capabilities of JFrog now natively. The second thing that was demonstrated and announced on stage was how Artifactory is managing these models. And by the way, not just the models that you bring from outside, and not just the models themselves, but everything and every major data that need to come with it and every model and training models that need to come with it, how Artifactory will manage it for the organization as a single source of truth. Now remember, who are the people that are building AI in your organization? It's the Python developers, it's the data scientists. These are the AI engineers. They already use Artifactory, they already use Artifactory with [ Pi PI ]. They already use Artifactory with Conda and [ ZLAN ]. And now Artifactory becomes their single source of record also for AI models, whether they were brought from Hugging Face or built inside the organization. And the last piece of this announcement was the extra enforcement on these models. So it's not good enough to build an AI registry. And yes, we are the first and only repository -- local repository in the world, and we are very honored to be there. It's not enough. A complete solution comes with DevOps and security. DevOps and security means that if your company's policy says that it's not allowed to bring an AI model with the license that is violating your policy, X-ray should block it. And the automatic proxy and caching of Artifactory means nothing if you cannot apply the security policy on these AI models, malicious models, some known CVEs that you don't want to bring inside, versions of models that are not maintained that you don't want to bring inside. The comprehensive solution, the authentic solution, the zero FLOP solution that we released today is now in the hands of our customers, so they cannot only support the developers, the engineers, the data scientists of the organization, but also Gen AI initiatives in the organization. I want to touch the Release Lifecycle Management, and that was shared on stage as well, because this is a combination of what we call the one world, a harmonized world of DevOps and DevSecOps. There is no way, there is no way, that in today pace, when your developers releasing so many times a day software, there is no way that you can be secured if you are not cryptonized and if you are not signing the process. What you have at the beginning might be changed 5,000 times along the different quality gate. And you need to make sure that if it was changed, then you know about it. And if you don't want to -- you are assigning it and cryptonizing it and you are doing it in an automated way. It's not manual, but you have all the records and all the information that you need to add on top of the binaries. We announced today a Release Lifecycle Management, in addition to our JFrog Platform and the DevOps solution. This is coming from the field. This is a request that we got from the field in high scale. When you have multiple releases a day, you want to have different quality gates that certify every release that comes out. Let's see if I didn't forget anything. The last thing is the Curation. Curation is kind of -- in the JFrog life, it's kind of an old news because it was announced just a month ago. But Curation is a big thing. And I'm telling you it's a big thing not only because of the fact that it was announced again today on stage, but because of the fact that on July 18 we announced it, and we already have paying customers. How many security tools do you know in the field that in less than a month out there in GA are already in production? And you know why? Because it's a real pain solver. Curation is the binary's firewall that you put in front of your organization. This is an outside-in solution to make sure that your company policies are enforced even before -- even before software packages, open source software packages, are coming into the organization. And what Curation can help you do, whether you take binaries from Maven Central, Docker Hub, npm or other repositories, and as you know, our philosophy is all about universality. What Curation can do, Curation can actually set a policy that automatically will block malicious packages, unwanted versions, unwanted licenses, from even getting into your organization from the get-go. So if you want to kind of picture the full comprehensive software supply chain security, you have JFrog Advanced Security and Xray from the inside out protecting the development environment. You have Curation from the outside in. And we are very, very proud of the team. It's been almost 2 years since we acquired Vdoo. This team worked under the radar with the strongest research team that build a very strong database and a very strong tools and technology that is based on our customers' feedback. And I'm very much expecting to see these results also being translated to business as we guided and predicted with you. Thank you.

All right. We'll open up Q&A now. So if you have a question, if you could just raise your hand. I'll bring the mic over to you, and we'll get the question asked.

Sanjit Singh, Morgan Stanley. Shlomi, that was a great overview of all of the announcements today. It sounds like the innovation engine is quite healthy at JFrog. I guess the main question I have and kind of like the multimillion dollar question is, where is the category going? Because it seems like there's 2 trends at play. There's one, the software release cycle, moving on-prem to the cloud, number one. And then two, we're on the dawn of a new compute cycle. And how your customers are thinking about that. And essentially, the debate is, are they going to reconstitute their software release cycle as it is today in the cloud? Or are they going to consolidate and, if they are going to consolidate, with whom? And I'd just love to get your latest view on those background secular trends and where you think the category is going from that consolidation perspective.

Thank you, Sanjit, for the question. We speak about a category, but I think that the evolvement is kind of mixing or merging a few categories together. Not so long ago, DevOps was a category and security was a different category. And nobody argued today that it's on the same plate as a task. We are speaking about source code management for so long, and you see now that software supply chain management is all about binaries. Well, not all about, but 90% of it is about binaries. We're speaking about software supply chain, but then there is a new category that's rising up very fast, which is MLOps and AI. So I think that we should be focused on the end in mind. What is the end in mind? In my world, the end in mind is continuous update of software. And we said that in the S-1 when we went public, and it became a reality now. And the only way to have a continuous update flow all the way to the edge, all the way to the devices, and this is the race that companies have between them and the competitive landscape and between them and the hackers. The only way to have a continuous update software supply chain machine is to be focused on the binaries. So I think that what we will see in the next coming years is that more and more companies will fine-tune the way they secure the software supply chain, because what they have today keeps them vulnerable. We will see more automation stepping in, and more automation will enable more machine involvement in the process. And we will see more regulation because, to be completely honest, there is so many areas that are not yet covered with the required regulation of how you secure, of how you release, and how you bring in AI that is required. Yoav and Jacob...

Yes, I can add to it. So the cloud is definitely happening, and that's -- that's a trend that's accelerating. But I think regardless of what deployment looks like whether it's on-prem, whether it's on-prem in the cloud, like you manage the software yourself, or maybe it's -- we see that a lot with JFrog [indiscernible] like factories that get software deployed in them, the main concern that we'll see customers focus about is the trust in the releases. And what we spoke about today, this release-first approach is really how customers are thinking about software. They have a software release that they need full visibility, very similar to traditional industries, to how this release was created. And they need control points along the way so that they can inject this trust and they can give you this full visibility to the history of the release. And think about it like the car industry, you have a car, you know exactly which vendor created every component. If something is faulty, you can do a recall. It's the same. Source is another very important part of the chain. It's -- but it's only part of the chain. It's part of the process. You have the phases where you consume output from external sources like -- inputs, sorry, like third-party components or open source components that make up more than 90% of your application. And then you package your release, you're testing it together with the work of other people in the organization, and you bundle it and you distribute it. And all those steps, and of course, you scan it for security issues, all those steps that require proofs, very similar to traditional industries. And that's what we're seeing customers going to. Even on the run time, like if you want to run something in Brazil, we have customers that are actually attaching this evidence that says, it's fine, you can deploy this release in Brazil. And the run time will reject if it's not there. So it's around creating this end-to-end trust.

You have Mike Cikos here from Needham. So 2 questions, and thanks for doing this, right? The first question I have -- Shlomi, great to hear on the adoption and already having paying customers for Curation. The question on that becomes, for those initial customers, are they coming up for renewal? Are they skewing more heavily towards a specific end market? Like what are you seeing for those customers who are adopting Curation? And then the second, I know this is just brass tacks here, but just want to get a better sense and make sure I properly understand how you're monetizing all these announcements today. Like, are some of these included in existing packages or some of these new SKUs, which are going to require an additional attach on behalf of the customer?

Yes. Thank you, Mike. So regarding the Curation customers that we have already, these are Artifactory users that are, surprisingly, not security people. These are the combination of DevOps and DevSecOps guys and not the traditional security people, and mainly because of the fact that Curation is very easy to be adopt by the developers. They want to know 2 things: A, we are not bringing something we shouldn't. And B, if we are being blocked, tell us why. And the combination of Curation and Catalog provides that. The reason that we built Curation on top of the JFrog platform is mainly because of the fact that, again, the value is in the holistic solution, not just a stand-alone solution, although one of these customers that we are speaking about is a new logo that came to JFrog because of Curation. Regarding the second question of how we are planning to monetize that, JFrog Advanced Security and JFrog Curation are Tier 2 and Tier 3 in JFrog holistic security solution. Tier 1 is Xray Essentials which, as you know, comes with the DevOps subscription. Tier 2, JFrog Advanced Security, 6 different capabilities. Today, we added static analysis, bundled together, consolidate together, very appealing to CIOs and CISOs because of this consolidation and alignment with the platform. But this is an add-on on top of the subscription and you pay by seat for JFrog Advanced Security. Tier 3, JFrog Curation, comes as an additional add-on that is also by seat, by contributor, by developer contributing seats. And JFrog Curation is also another layer that you can add. So basically, if you want to think about monetization, first, there is the easy way of thinking about expanding with the customers from DevOps to DevOps Plus [ just] [ to DevOps Plus Curation. And there is another thing that we start seeing. Customers that are using only Artifactory with the Pro subscription, customers that are using only Pro X [Audio Gap] [ to factor in ] Xray start to upgrade to Enterprise X and Enterprise+, which by definition, with the base fee that is higher than the lower subscription. So we see those 2 trends. It's too easy. This is why in a very responsible way we guided you that in 2023 this will not be material. But I'm sure that what we will see in 2024 is a breakthrough of JFrog Security setting the standard in the market.

Sebastien Naji from William Blair. Two questions from me as well. The first is it seems clear that your differentiation in DevSecOps is your not only visibility into the binaries, but also your control of those binaries. Is there a quantitative way to think about that benefit? Like how -- how do you sell that to customers? How do we sell that to investors that you catch 55% more vulnerabilities or something like that with that visibility and control of the binaries? That's part one. Then part 2 is just around the MLOps monetization potential. It sounds like a lot of those binaries are magnitudes larger than your traditional application. What's the potential uplift or expansion to just core Artifactory usage as a result of more applications becoming Gen AI-enabled?

Yes. Very good 2 questions, Sebastien. And regarding the first question, binaries asset that is growing in multiple languages. And it's the only asset -- or not the only, but it's the most popular asset that is also available by the community. Nobody build any more from scratch. You bring software packages and you build your own. I don't have the data to tell you how every repository is growing, but what Hugging Face, for example, published regarding their growth with number of models, or what we see in Docker Hub or what we see in npm, shows us that the number of binaries in the world are growing in the order of magnitude. JFrog being the single source of record for organizations is -- although we are already more than 10 years in the market, this is a new concept, because your single source of record not necessarily was your binary. But what happened is that the world start to be driven by data, and binaries are coming with the data. So most of our customers, when they need to automate something, where they need to operate something, they don't just need a software package. They also need the data that comes with it. So I think that you will see this transition happening, and you see it now happening more rapidly because of automation in AI. But this transition from managing source code to managing binary, it's happening. It's a fact. And it will make JFrog even more mission critical, even more the center of gravity because, as you said, we already control the binaries. So now we just secure them or release them or deploy them. Regarding the second question -- I'm sorry, I'm cut off. Can you remind me?

Yes. It's just the ability to monetize the MLOps opportunity given the much larger dependencies.

Yes. I'm so excited about what I have to speak about it, cutting my line of thought. MLOps. What is it Sebastien? What is -- everybody is speaking about it. Everybody is speaking about it. But we have over 7,000 customers. The majority of the Fortune 100 are a customer of JFrog. And if you go and ask them, they will say, "We have to invest in it. They will say, "We have to get into it." And then you ask them, "Okay, so how do you manage AI initiatives in your organization?" And you get all type of question. So it's too early to say how you will monetize AI. But I will tell you right here, right now, if Artifactory is the first repository in the world to support Hugging Face proxy, to support management of your AI model, and by the size of these binaries, which are bigger than the regular binaries, you will look at different storage and different needs and different scalability that Artifactory provide and other registries cannot provide, I think that it would be another package that will become very popular. And the standard maker will become JFrog. So it will bring new customers and it will bring our customers to expand their solution with the JFrog Platform.

So I want to expand on your first question about control. Since we are the hub in the organization for all the software components of the organization, and our machine learning too, it's very easy for us to apply control centrally. And security professionals just love it because, for them, if they want to -- so today, even without Curation, you can block downloads of artifacts that were not scanned yet by Xray. So that can be a central role. Now with Curation, you can completely stop them at the perimeter. And I'm not sure how many of you saw the keynote, but it's -- for the developer, it's transparent. They don't have to set up anything in their pipeline. It's just -- this is part of the service they're using now. If they are blocked, they will get the input, like Shlomi said, it's really critical to maintain the productivity and longevity of development. But you apply these controls in the center on the hub and it's just very easy to apply security that way. That's what security professionals love so much, that they don't have to get the collaboration of the teams that they need to secure.

Miller Jump from Truist Securities. So 2 questions for me as well. I guess first one, just when we saw that graphic during the keynote that broke out the different stages with kind of binary versus code space, it seems like the announcements today and recently with Curation are actually moving you into the code space where you haven't been as much before. I guess first question is just, is that something that has been on your road map for a while? Or is there something that's causing you to shift there now? And I guess, maybe do you expect to do more there in the future? Second part of the question, just again along the lines of all the product announcements that you've made. Obviously, you all announced some long-term targets as far as your operating model and revenue growth. I would imagine these products were already on the road map when you made those announcements. Are those baked into current growth? Or would those be additional to the targets you laid out earlier?

So maybe I can start with the first question about the shift left. So we announced 2 -- our expansion [ left ] in 2 major areas. One is the curate and the other one is the create where developers are actually writing the code. On the curate, it's actually binaries all the way. It's about closing the gate on bad components that can get -- which are binaries. These are binary packages the developers are using. So the dependency is the packages that your developers are consuming, these are binaries. And this is a critical step, which is even before you start writing the first line of code, you get the -- you kind of say which external libraries you require. So that's on the curate phase. On the create, we are practical. We know that fixing stuff as much on the left as you can is cheaper, it's easier. There are plenty of researches and evidence about why it can be more efficient. But the nice thing is that we're applying the same set of rules and giving you a single pane of glass for all those checks. So you have one place to see all your security findings across the different stages. And also we have this connection between the source and the release and the binary that were created from the source, which I don't think any other platform provides to this. So we have a holistic view, and we really want to cover all bases. We want to close the loop, including to the run time and give you this full holistic view, which customers need.

And I will address the long-term question, the long-term model question. Absolutely right. Some of these products were already released, were in final stages of launches when we updated and provided more details about our long-term model. If you recall that we noted 3 major growth drivers for the long term. One was the platform adoption. Second was the SaaS migration and transition. And third, security. All of these announcements fall into these 3 categories, and therefore, were included in our model.

Koji Ikeda from Bank of America. Thanks for taking the questions. I got 2. And the first one is a follow-up to an earlier question. Shlomi, I think you mentioned a new logo came to JFrog because of Curation. I guess, what caused that? What was maybe the pain point that customer was coming to? And could Curation become more of the common land for customers out there? And maybe even some of the newer products announced today, maybe the trusted ML model management. Could this be a land-type product in the future? First question. And then the second question is about kind of the sales organization and the sales strategy. So in your opening remarks, clearly, the lines between dev and sec and ops are blurring. And you add AI and ML as an accelerant there. Are you guys finding that the lines between the buyers within these organizations, between the dev and the sec and the ops organizations, are those lines blurring? And if they are, how is JFrog attacking that evolving buyer?

Thank you, Koji. Regarding new logos coming in because of the new capabilities, obviously, that's something that we are very excited about. I don't think that we will see new logos coming just because of Curation. But when Curation comes on top of Artifactory and Xray, that's a completely different value that you get from a software supply chain platform. Now you look at the landscape and you ask yourself, okay, who else gives me these capabilities, not only to become my single source of record, but also to protect my organization from the inside and from the outside? There is zero. And we have this full pack for our customers. And to be honest, and I'm saying it in the most humble way I can, I'm not surprised. Curation came to JFrog from the field. Our customers told us, you are the single source of tools for our binaries. Can you make sure that unwanted binaries will not get in? So the moment we announced that, even in the beta version of it, when we test the water with Curation, we already saw the excitement. So yes, I think that we will see new customers. One of the reasons -- also going back to Mike's question, one of the reasons that Curation only comes with Enterprise X or Enterprise+ is because of the fact that we want you to have the full experience and not just have an add-on supporting your binaries firewall. The second question -- second question about the sales notion, the sales team and what we see in the field. So JFrog today supports 6 different persona. And the main reason for that is the transition that we see and the evolvement that we see and the evolution that we see internally is a mirror of what we see externally. And the CIOs and the CISOs are becoming one. So I was -- a year ago, I was a bit surprised when in every meeting that we spoke about security, I saw both of them coming in. Today, I'm not surprised to see that most of the big organizations are talking about unification of this role because CIO must have some security capabilities. This cannot be an outside organization. They are too fast for the security to catch up with them. The second thing that we see is that product managers are now starting to be part of the people who speak with us because, if you support a big car manufacturer that is telling you, not by the amount of releases, how good you are, but by the amount of cars that are going out from the manufacturer, then the product manager is the one that owns that. And I think we would see more and more personas kind of chiming into the JFrog Platform. AI will, for sure, introduce us to a larger group of data scientists that not natively use JFrog today. I can think about other communities. But this evolution inside JFrog is mirroring what happened and outside of JFrog, security and DevOps becoming one, releases, including also the product managers from the get-go. And we see more and more developers from different communities kind of checking in to the platform. By the way, this is also not new. We saw it in the past. We started, all of you remember, with Java and then it grew to [ DocNet ] and C++ and containers and RPM and 30 different technologies.

It was a really lively event. This is Yi Fu Lee with Cantor Fitzgerald in for Jonathan Ruykhaver. Maybe start with Shlomi. On the -- if I have to ask a pick your favorite child question, right? You have your SAST Catalog, MLOps, Relief Lifecycle and Curation, right, you launched today, right? What do you think is going to be that major upside opportunity in the near term, medium term and long term? Start with that. And then I have a follow-up for Jacob on the financial side.

Well, first of all, let's take Catalog out of the list because Catalog is offered -- we are the binaries people. We own your binaries. We own the binaries of the world. We provide it as a service. It's like LinkedIn or Wikipedia. But on top of it, we are building all type of services. For example, if you want to automate everything that's in Catalog, Curation will do it for you. So on the security side, in the enterprise -- and let's also be honest about another thing. I don't see a 5 developers shop or a 20-developer shop, taking the full JFrog Platform, with JFrog Advanced Security and with JFrog Curation. It's just overshooting. And this is why we built our enterprise sales team, our strategic sales team. They know how to go and to expand our landscape within the customers' portfolio. But on the security side, we see a lot of excitement about secret detection, which is one capability of JFrog Advanced Security. We see a lot of excitement about the release of static analysis, what we announced today. And... [Audio Gap] it's a different type of excitement. It doesn't just come from security, it's also come from developers, unlike [ just ] that they always have to bring the security guys. Curation, it's part of the DevOps budget so far. And I think that, as I said, it's too early to see, but the -- but the main driver, if you ask yourself, what is the trigger? Why security companies should be worried now? They should be worried because -- not because of the fact that JFrog brought a new technology to the market, but because of the fact that the threat is different now. And the hacker is going after another door that is open for him. And the developers that became a target are a target because of the binaries that they left in the public hub or in the runtime environment or in ChatGPT they told them to do something and you don't even know that your developer used it building the code.

And then a follow-up on maybe Koji's question on the go-to-market. So now you have all these products, right? Jacob, does it mean that you need to make more investments on like sales folks, R&D folks? Or is that already embedded? And anything on the messaging, like just because you have 5, 6 new products, right, right now? Anything different you need to do on the messaging and as first steps?

Yes. So on the go-to-market investments, first of all, we started investing into our top-down capabilities several years ago by building the strategic team, completely creating different market collateral for the C level, which is different from the messaging, different from developer, enhancing our support and professional services capabilities, et cetera. With -- specifically with security, we built also overlay team that enables our existing sales force that are involved in marquee deals, that also working with our marketing organization and market education. So all of those investments have already been done. And what we'll have to do is obviously to scale those functions, right? As we continue to grow, as contribution from security will continue to grow, we'll enable more and more of our salespeople and we'll expand those efforts. But the initial investment has already been made.

And if I may add to it, for the first time ever, we also held JFrog Partner Day. And you've been hearing from us about third parties that are now boosting our sales and expanding our sales force. It was the first time ever in JFrog history that we held the JFrog Partner Day. And it included resellers, all the clouds and also all the technology companies that we are integrating with and do some co-sales with them. This is also something that our CRO is developing, alongside the strategic team and the top-down mechanism, because we know that by geography and by technology and by post-sell mechanism, we have to use some partners to expand our footprint.

We've got time for one last question.

Great. So I was just going to ask about that new partner program that you announced in the inaugural Partner Day yesterday. So could you talk a little bit about -- what went into the structure there. It seems to be a little bit less commitment, lower barrier to entry for those partners? And then also I noticed the government component of that. So any opportunity for that to kind of accelerate your federal business there?

Two very important element into it. Our SVP of Partners and Alliances, they joined us a bit more than a year ago, and part of our CRO organization came with the methodology that completely changed the way we thought about partnership. And instead of putting the barrier on how much you bring and how big the customer is, she was aligned with what built JFrog? What was it that scaled JFrog? JFrog scaled because we started with getting in with the repository and grew up to be multimillion deals in some of our customers. And we built this relationship with our trusted partners now, almost 100 people were here yesterday. And we know that if we will set the bar too high, it will shrink the amount of partners that we want to work with. And we want to spread JFrog everywhere. So we are going aggressively after the market. And therefore, we are happy to collaborate with what we call a partnership in a box, easy to initiate, easy to use, less bureaucracy, and focusing on the 3 dimensions: happy partner, happy vendor, happy customer. If we have that, we will expand together. The second thing regarding government, alongside the efforts that we invest in the different certification now, every company now has a completely different certification from Iron Bank, it moved to -- to move to [indiscernible] and so on. So alongside the effort that we are doing on the JFrog side, from the inside out, we started to work part of this partner program, also bring government expert. That's already got us to some government and highly regulated agencies, and we will keep investing in it.

All right. Shlomi, if you'd like to provide any closing remarks before we wrap it up today.

Yes. We have a philosophy in JFrog that what we announced on stage is ready to use. It's not a plan. It's not going after a hype. It's not catching the headline. It's something that our users are stepping out and they see it in the booth and they go and they download or start their cloud account with it. We are very excited about it. And we also know that we are driving a change. We are driving a change in the world. And it's 3 years ago when we went public, it was almost like speaking Hebrew with you when we spoke about binaries. That's the future. And I'm so honored and I'm so happy and what you saw today being released for the first time in the world, not just the AI and the ML, but also all the security tools and the release bundle tools, it's -- we are capable to do so because we are focusing on one asset. And in this asset, I'll promise you that we will be the best company to provide the solution. So may the Frog be with all of you, and thank you for joining us.

Thank you, everyone, for joining.