JFrog Ltd. (FROG) Earnings Call Transcript & Summary

All right. Good afternoon, everyone. I'm Sanjit Singh. I'm the infrastructure software analyst on the Morgan Stanley Software Research team. Super happy to have the management team from JFrog. We have CEO, Shlomi Ben Haim. Shlomi, thank you for joining us and Chief Financial Officer; Ed Grabscheid. Ed, thank you for joining us at the TMT Conference. I think you've been here every year. We really appreciate it.

So now that we've gotten past Elon, let's talk about software supply chains, right? And maybe to kick the conversation off slowly, it's sort of a basic question. You're coming of a solid year, 25% revenue growth, you expanded margins by over 1,000 basis points, operating margin in the double-digit territory. You were sitting at the heart of the software supply chain. And I can sort of ask this question every year, but why are some of biggest companies in the world coming to JFrog to accelerate their software delivery and secure their software supply chain?

Well, first of all, thank you for having us. It's been a wonderful day so far. To your question, what is the software supply chain. Software supply chain is about managing the assets that the developer either bring, create, distribute, deploy. And when you look at this and what you have in mind is that nobody is building from scratch anymore. No one here in this crowd comes from an organization to build software from scratch. So you bring software packages from outside. And then you start to build your own software packages. You merge them, then you distribute them after you secure them. All those software packages are binaries, what we call software packages, images, binaries, models, call it whatever you want. This is the asset that you manage. These are the different quality gates. And what JFrog provides is an end-to-end solution that makes you faster and more secured from the developer keyboard all the way to your run time environment, managing your binaries. So the enterprise, I think, start to understand that that's the primary asset to maintain, to manage, to store, to distribute to deploy and so on. And in the binary world, the Frogs are the best.

And so when you think about the year that you just completed. Can you sort of draw the trend lines on how you started in terms of your customer spending intentions? And how do they end? Where do you see the hesitation that's still lingering and where have things have improved as the year has progressed?

So the starting point is, obviously, the adoption of the single source of record philosophy this is where things are happening. I'm always using a metaphor looking at sales force, for example. Assume that you have 1,000 sales reps and 100 of them decided to work with a spreadsheet side. It's just -- it can scale. So we need all of them to use the same single source of record. This is Artifactory. This is your repository. On top of that, obviously, we added the capabilities, the different capabilities of security, to secure this asset, distribution to distribute it all the way to the production environment. We moved left to secure source code that create binaries. We moved right to secure your run time when the binaries are going there. And with that full suite, we also answering the demand that we get from the market that has to do with consolidation. It's just too much to have 20, 30 different best-of-breed tools. What we hear from the CIOs and the CISOs in the enterprise. We want a comprehensive solution to consolidate around one asset.

Can I ask a follow-up question on the consolidation point. Consolidation, vendor consolidation, tool consolidation is a big theme in software, particularly in infrastructure software. When you see consolidation in the sort of software delivery pipeline, that space, that market, are we talking about 10 different tools going to one? Or how do we think about the magnitude of consolidation?

Well, first, every company that I meet now is speaking about the platform. And why? Because things need to become consolidated. So let's first answer this, what can become a platform? A platform can become something that is focused on a centerpiece. And then on top of it, you're building different capabilities. Otherwise, which is a different methodology you have an integrated set of tools. You don't have a platform. So what we identify is that Artifactory became the single source of record for our customers. And on top of that, we started to build the different capabilities for security and distribution, MLOps, MLSecOps and so on. What happened now is that the CIOs and the CISOs of the world need to answer the crazy best-of-breed period, 20 years of best-of-breed that are now facing. So on the security side, most likely, if you will meet the CIO or CISO this is coming from, let's say, 200 developers and more. They already have more than one tool. If there are 10,000 developers or more, they already have more than 10 tools that are doing the same. Binary repository, they would probably have multiple of them. Source code repositories, they would probably have Bitbucket and GitLab and GitHub. So it started to be impossible when you scale, and when you release more a day, it started to be impossible. And therefore, they are looking for consolidation. And if we needed another tailwind for that, the recession because now they also want to be cost effective. And if they are migrating to the cloud, they want to know that they are bidding on the right platform. The last sentence about that, Sanjit, is that it's not only consolidation as a buzzword or a slogan. It's also what becoming the standout in the market. It's consolidation around expertise and they expect to see coexisting, like, I want to have the best source code solution, and I want to have the best observability solution. So I would like to see a GitHub with JFrog with the Datadog and I'm not expecting you to do everything.

Yes. That makes perfect sense. I want to spend some time talking about the cloud business because it's been a pretty exciting dynamic that's unfolding in that part of the business. But before we get there, let's rope in Ed to the conversation. And I started off some of my introductory comments talking about the efficiency that we've seen in the business, the margins have expanded 1,000 basis points. Can you talk to some of the drivers that got those margins up to that double-digit operating margin level? And as we think going into 2025, how should we think about the pace of margin expansion versus your growth ambitions going into next year?

Yes, that's a great question. So I've been with JFrog for 5 years, and we've always been a very disciplined company. In 2022, we spent a lot of money in technology and the amount of effort around building out our security solution, which we delivered in 2023. So we were, from an operating margin around breakeven, just slightly over breakeven. We saw a ton of leverage in terms of our P&L during 2023. Now part of that was, we took the decision based on an uncertain environment. The first half of the year, we were faced with headwinds around potential downturn, and we paused hiring. We paused a lot of our projects like many other software companies. And because of that, we were able to then ramp that up in second half and had significant improvement in operating margin over 1,000 basis points, as you mentioned. Now going forward, I wouldn't expect that we would continue at that pace, 1,000-plus basis points. We delivered our long-term model in the first quarter of 2023. And what we guided to in the long-term model is that would be somewhere between around 22% operating margin. So from today at 11% to get to 22%, we guided 2024 at 250 basis point improvement. And I would expect going forward, we would see somewhere between that 250 to 400 basis point improvement on a year-over-year basis. So we'll continue to invest, but not -- we'll see improvements, but not at the pace that we saw in 2022 or 2023.

So we'll come back to talk about that target 2027 on target model. Let's talk about the clouded business because that was kind of the star of the show in Q4. I think the theme that had been going on in the cloud business is that there was kind of a string of consecutive quarters was growth was slowing down. And in the last 2 quarters, we've seen meaningful acceleration in that business. So it's a 2-part question. One, what were the factors driving that initial slowdown Shlomi? And then as we've seen that reacceleration in the cloud business for the last 2 quarters, what's been driving that?

Yes. So as we predicted when we entered 2023 with the recession in front of us, alongside with us. What we projected is that the immediate effect would be, first of all, stop everything you do. This is what the CIOs will tell the team. Everything you do stop it right here, right now. And by the way, we did the same, to be honest. We went to our team. And this is the first thing we told them, no hiring. We want to see what's happening. No cloud spending just keep the business running. And then in Q1 and Q2, what started to be clear, is that those companies that until 2023 already migrated to the cloud. They are now taking their time before they are fully adopting the cloud and spending more, but they are already in the cloud. And remember, this is the infrastructure. It's not something that -- it's not an application. It's not you use it or not, we'll see, it's your pipeline. It's either you create software or not. So you cannot forever shut it down. But those that move to the cloud is group A and they gradually started to grow, and this is why we projected that the second half as it happened, the second half would be better in terms of consumption. The other group was those that strategically decided that they are moving to the cloud, moving workloads to the cloud, but didn't start it. And then the migration was kind of freezed. They never moved. Now if you look at the JFrog portfolio around what is it now, 35% of our customer?

35% customers.

Out of 7,400 customers 35% are in the cloud, 65% is self-hosted on-prem. So on one hand, a huge opportunity to grow. On the other hand, these guys are not investing in self-hosted now because they know that they move to the cloud. So there is no growth on the self-hosted but they are not yet in the cloud. So this is what we projected. This is what we discussed during 2023. We were extremely happy to see the low hanging fruit that the cloud users picked and optimize came back as a consumption in the second 2 quarters. We predict that in 2024, we will see kind of the same behavior slowing slowdown of migration, it would not be yet the days of 2022, but consumption with the seasonality with everything we saw in 2023 will be repeated in 2024. And therefore, we provided the guidance with the growth for 2024. 2023, obviously ended up with a very strong tone because of the consumption of the big enterprise, it came back.

It's a great way to frame it. We upgraded the stock in December and the acceleration of the cloud business was one of the reasons why, and I apologize to you for waiting for 3 years to upgrade the stock, that's my fault for being a little bit of loose, but to me, the reacceleration of the cloud business was important because I think it kind of speaks to a central debate that's been going on since -- in this market since the IPO is that as this category as the software pipeline moves into the cloud, does it get reconstructed in the way that it was on-prem? With this fragmented [indiscernible] best-of-breed and with JFrog be [indiscernible] to get consolidated in the cloud would JFrog be part of the cloud stack, if you will, the cloud software delivery stack? So when we see this cloud business start to reaccelerate is now becoming a more meaningful part of the business, does that put that debate to rest that as this category moves the cloud, JFrog will be at the heart of cloud software delivery?

Well, Sanjit, the evolution of disruption since we founded JFrog keep happening. One of the very important strategic point that we took in 2018 was to be a cloud-first company. And it's demonstrated in the numbers, but the efforts on the company side was extremely, extremely help to kind of fleet. It's not only one cloud. We provide a multi-cloud solution. It's not just multi-cloud solution. We provide a multi region. So it's actually the freedom of choice is in the hand of our user and also a hybrid solution. So JFrog was one of the first and only companies in the world of DevOps and security that went that early to the cloud and bet everything we have on having a multi-cloud solution. And now we are picking up the fruit. So I think that I would just share a few use cases in order not to be sound biased with what I'm saying. AT&T moved to a cloud. DevOps and DevSecOps, while moving they displaced Sonatype Nexus, Black Duck and other tools taking JFrog, but that could only happen if we will take them -- the full -- we will take the full journey with them to Microsoft Azure. Vimeo moved to JFrog Artifactory -- from the JFrog Artifactory only to a full subscription with security and everything, but only if we move them to the cloud. So I think it's coming together. It's very hard for me to think, okay, so security is not happening in the cloud and DevOps does happening in the cloud. It's coming together because it's a strategic decision of the enterprise to move to the cloud to be more efficient, to be more secure, to be faster.

If you look at the trend lines of the business, right, you're targeting sort of 40% plus growth in cloud, the overall top line growth for next year 2024 is the sort of low 20s. So if you do the math, maybe by this time next year when you joined us at the conference, the cloud business may be slipping out 50% of the business, maybe a little bit less, maybe a little more. But certainly, on that pathway of crossing the [indiscernible]. So what are the implications for the business? And then maybe you can speak to the financials, of when JFrog gets the majority of its revenue from cloud. How does that change the business? And does it make the business better?

I'll start with the financial side. So I'm sure most people know the model, but the self-hosted or I'll start with the cloud. The cloud is based on a consumption-based model. So we generate revenue based on consumption and as well as storage. The self-hosted is based on number of servers. So from a financial perspective, we benefit much greater from the cloud because that business continues to grow based on as more usage and more products are adopted, we see more consumption driving higher growth. In terms of the expansion, we see much better net dollar retention rates in our cloud. It's still only 35% of our business today. So to move our corporate net dollar retention rate, I need 3 points of growth in the cloud. But in terms of the long term, as that growth in cloud becomes a bigger percentage of our revenue, it's going to benefit us in terms of our financials.

Then Shlomi when you imagine a world 2, 3 years from now, when you're getting 60% of the business from JFrog cloud, what does that mean for the business?

Well, first of all, it means that my competition with the cloud would be even more energizing. We projected on the long-term orders that by 2027, around 50% would be cloud-based. We already see it on a quarterly basis. I think that from a company strategy point of view, it gives me much more flexibility to add more capabilities, to generate more consumption in the cloud and therefore, to be -- also to echo what Ed said to see a different net dollar retention starting to climb back. This is what we bet on. This is how we add capabilities now. have better visibility to your customers when you run the cloud for them. And by the way, let's put aside all of the strategy ideas. This is what the market demand. They want us to provide it as a service. So they will be focused on what they have to be focused.

Do you think it benefits your product engineering efforts and product engineering -- as you get more and more intelligence and telemetry from the usage of your cloud solutions as a potential feedback loop into product engineering?

Well, feedback is one thing. But when you have an on-prem customer, you are depending on the feedback. Like if they are disconnected then you don't hear anything. In the cloud, you have full visibility to what happened. This is A. B, if you look at JFrog. JFrog is the biggest binary repository in the world, the biggest Docker registry, the biggest Maven repository, the biggest C++. The amount of data that we collect is just outstanding. It's amazing. So at some point, data would be so important for the flow of your pipeline that I'm sure that JFrog and already sharing this information coming from the data of the world, all the binaries of the world are going through JFrog. And if I'm hearing AT&T, I was saying thanks God that the outage was not because of JFrog. If I'm hearing a car manufacturing saying, we will slow down on releasing cars to the market because of software update. I know that JFrog became a centerpiece and part of it is because of the fact that binaries are coming with the meta data and not just cloud.

Yes. It makes complete sense. I'll spend some time talking about the security opportunity because one of the evolutions that you're making is from a DevOps platform to a DevSecOps platform. At a fundamental level, what gives JFrog the license to go out and prosecute the security opportunity? I mean GitLabs going after this, datadog's going after this, a private companies going after this. And there's also a ton of incumbent point solutions. So what gives JFrog the license to be a provider of DevSecOp capabilities?

That's a great question, and I have a confession here Sanjit. When we first met, I think shortly before we went public, we spoke about JFrog Xray. And we were very proud of our first security solution. But JFrog Xray was built by developers, for developers, and it was a security solution. So to be completely honest. This is my confession. We were naive because when we acquired Vdoo shortly after the IPO, we acquired a mature security company. These guys were trained as security people in the Israeli intelligence forces. They came in and the first thing they told us, we don't care about developers, we said, "What do you mean you don't care about developers. This is our bread and butter." And what they said that we care about where the attacker is, where the hacker is and then we will reverse engineer it to get to the developer, we need it and to get to different pipelines we needed to get to a different machine if needed. And what they told us is that the only asset that you have in run time in production, the only asset that the attacker, that the hacker can go after is your binaries. So what's the point of having a crazy amount of quality gates, protecting your source code, protecting your containers, protecting your binary repository, protecting your open source, protecting your model, you end up with so many scanners times the amount of developers you have times the amount of releases you have, you know how they end up securing the pipeline with signing an audit document, think we did it right. And what we've built is focus on this asset that goes from the developer end all the way to production. And when you get it not only with a security solution with a lot of different capabilities that are now a point solution, but you get it also with the repository, which is your single source of truth. Then I don't see why companies will tell us we want another solution. So for sure, I'm going to say something here, and I hope it wouldn't sound too arrogant, for sure, 5 years from now, there were no one in the crowd or on stage that will say that security can be a point solution. It just doesn't make sense. This is already checked. I'm seeing it in the market. It will take time because no security stakeholder is us just switching off and on tools before they have the confidence. No one here is coming from security background, right? Okay. So I can say that they are also paranoid. And the second thing that we will see. So no point solutions. The second thing that we will see is that the CISOs of the world and the CIOs of the world will start to be one. It's already happening. It happened in Morgan Stanley, happening in Scotiabank, happening in RBC. We see it in the banking, CISOs and CIOs becoming one, they think the same and they want to make sure that they are secured A to Z with whatever coming, whether it's a machine that bolted or a developer. And when it comes to that, then the only asset that you have to protect in order to control your software supply chain, is the binaries. And therefore, I think we bring some advantage.

Yes. So platforms win in the long run. Is a pickup on some of the points that you just made, Shlomi, you announced an advanced security bundle like well over a year ago and now has 6 different distinct capabilities. I imagine we'll probably see more -- even more over time. I guess the fundamental question coming off the last question is you may be servicing a developer, DevOps or even a security professional, but who owns the budget, right? And to the extent is that, is the budget being owned by the head of DevOps or the head of IT? Or is it kind of CISO or security operations teams? And to the extent that it is a security operations teams and the security side of the house, where do you stand in terms of developing those relationships, both with those types of purchase decision makers as well as like kind of the security ecosystem, the channels from the partners? Where do we stand in that evolution?

Yes. So budget kind of owner. It's still the security team, but the people who spend it is the developers. It's like in our family, I'm the budget owner, but my wife spend it all. So it's the same thing. And they are bringing the security stakeholders because they know that they cannot stay vulnerable anymore. They cannot stay vulnerable and they have to change. They have to shift gears. So we are speaking with both. We implemented a very strong enterprise go-to-market motion. We know how to speak with different persona. We know how to speak with different budget holders, but it just takes longer. I'm sorry, the second question?

I mean that was essentially the heart of it. It's like who owns the budget? And then is there a security ecosystem that you have to plug into and invest into as well?

It's emerged. The DevOps engineers, DevSecOps engineers and product managers. These are the main personas that we need.

Great. Again, talking about the security strategy in this market, we talked about shifting right or shifting left. I guess my question is how far left does the company have to shift? I mean do we have to get to the point where as a developer is writing code, we are in real time, assessing vulnerabilities at that level. And I guess maybe you can speak to some of the product announced team made around on SaaS and whether you need to go in to [ data ] over time. But how far left do you have to be to be successful in the security vision?

So there is a huge trend in the past 5 years of shifting left. There is also a clear understanding that most of the budget is on the right side, the products and the run time, right. Shifting left means the developer shifting right means the run time and the production environment. But by definition, it means that there is a center. So if we are shifting left and right, it means that the binary is out at the center, JFrog Artifactory is at the center. Shifting left is getting closer to the developers in order to make sure that everything they do is fully automated from the moment they start to create binaries and to protect them. So how far left to the developer environment on, which is the IDE, the source code and the CI/CD. How far, right to the organization environment, which is run time, observability. And that means not only with the binary distribution and management, but also security for run time and other expansion that we are looking at.

Awesome. Maybe Ed this could be a question for you or Shlomi, feel free to expand upon it. But if we take a hypothetical customer that's sort of at 100,000 spend today looking at sort of the enterprise or Enterprise Plus subscription, if they bring on advanced security and maybe you can talk about the pricing of advanced security. What does that spend go for that 100,000 customers if they're adopting also? Is that 100,000 going to 150,000? Is it going to 1 million? I know it's early in the advanced security like adoption motion, but what are some of the early proof points on the uplift to ARR?

So the security, the way that we have this price on a per seat basis. So we align our pricing that is consistent with how we see pricing in the market, first off. But secondly, there is no company -- software company today that would take security and replace what the solution that they have today. So what they would start with is a proof of concept. An introductory type of pricing, and that would be somewhere between 50,000 to 60,000, somewhere in that range. So you take that 100,000 and you bump that up 50,000 to 60,000 for an introductory type pricing. From there, as the developer starts to adopt and we replace a point solution, then it's on a per seat. We have -- we're working with some of the largest enterprises in the world. They've got 20,000 developers, 20,000, 30,000, 40,000 developers. And as that becomes widely adopted, the potential is massive for us in terms of our security.

Potentially, it's very kind of a high, when we look at the addressable market of DevSecOps, we are looking at $40 billion market. That's according to Gartner, Forrester and IDC. When we look at the DevOps market, we are talking about $25 billion. Think about the potential of both of them, not only in terms of the potential, but also the stickiness, like you get to an organization and you do DevOps and security, that's the end of the story. But I think to go back to what Ed mentioned it's important to remind the guests here in the room that what we included in our 2023 reports is still not with a material security income and input and impact.

Awesome. I've gone through 30 minutes and I haven't asked a single AI questions, but now I'm going to ask a ton. So let's start with the -- like what we've seen in security thus far, right? We've seen Code Advisor, code copilots, right? That's addressing code generation. Shlomi, from your perspective, what is the opportunity for AI to influence, automate, make the entire pipeline better, if you could sort of break that down for us?

So the short answer is for sure it will impact our future. It will impact our performance financials and in terms of software supply chain performance. A double-click on it, to be honest, I don't know how it will impact. It's too early. I don't think that anyone knows what I hear is what I'm sharing with you is that, a, most of the CIOs that we asked and we read in the service, one of them is your survey are saying, we will have AI in production in 2024 in production. In production means that they have to build the pipeline, build the security around it, build the testing around it, build a full flow of AI all the way to production. The second thing that we see is that every time that you refresh your browser. You see a new solution and a new company and a new thing that comes with AI. I feel that there is too much cluster. So we were focusing on providing our customers what they needed. And in September, JFrog was the first company that announced the native support of Hugging Face, the biggest AI repository. So AI is not just a title at JFrog. When we look at models, we look at them as packages, yet another binary. If it's a binary, it should be hosted in Artifactory, installed in Artifactory. Therefore, you need this integration with Hugging Face check, you got it. And then our customers told us and what about security. So we added this capability to Xray to scan your models to make sure that you don't bring any malicious model, any vulnerabilities, any CVEs or open source license that you don't want. Very basic, but very practical. And therefore, we immediately saw our customers starting to use Artifactory, the single source of record for models as well. How it will impact our revenue? It's not included in our forecast. It's not included in our long term. It might be a tailwind. We might change it if we see that it requires some definition there. But currently, we are focusing on being the problem solvers and the paint solvers of our customers, and that will generate a standard data.

Yes, that was going to be my next question. You sort of addressed it here, but moving into the MLOps opportunity and signing partnerships with Hugging Face. It's the same question that I asked around securities like what gives JFrog the license to be part of that pretty exciting ecosystem. Maybe you can expand on that.

So MLOps and MLSecOps are all about managing your models. Managing your models equals to managing your binaries. A model is a minor. Now a model by itself means nothing. You have to bring the data set in order to train the model. So where do you host those binaries in Artifactory. MLSecOps means that on every quality gate, every policy gate and every release gate, you have a checkpoint to make sure that this model is not going to the run time environment without being blessed. It's a huge opportunity for us. And we are looking at the expansion of our platform toward the MLOps and MLSecOps because it's really reminding the days of CI/CD. So basically, you probably heard about our integration with the SageMaker, from AWS. They ask us -- our customers asked us like how can we make sure that the model that we launching Artifactory is also the model that SageMaker, the deployment tool is taking from Artifactory and putting in production. Another announcement we made last week was with Qwak which is an ML company. And for us, Qwak is just like Jenkins, but for MLOps. So by definition, we are building the philosophy of 2 integrated to fail to provide you with the freedom of choice with again, Artifactory at the center. And I think it's a great -- and it's a huge opportunity for JFrog because as we keep saying, yet another model, yet another binary, yet had another package. We see it model as a package when we look at the MLOps and MLSecOps industry.

It's a great way to frame it. Let's circle back to the long-term model. [Operator Instructions] But first, on the long-term model. So if I remember correctly, we sort of take the midpoint roughly targeting about $800 million by 2027 with roughly 80% gross margins, 21% to 2023 operating margin. So as we exit 2023, going into '24, what you're seeing, do you feel like you're on track to hit that midterm target model? And what would be the factors that we -- that could come online that can deliver your upside to the higher end of that target range?

The way that we're tracking right now, we feel very comfortable that we have a path to get to the midpoint of $800 million, and that's based off of what we see in terms of platform, our platform adoption and the growth that we see in those million-dollar plus customers and the investments that we've made to track on the platform. the cloud growth and what we've seen so far, very promising second half of 2023, although I don't know that we're totally out of the woods, but we do see commitments. We guided to mid-40s for 2024. And so we see a nice trend in the cloud. And then third is going to be security. So with that, all of these factors, we feel very comfortable in terms of what we projected in our long-term model and hitting the mid guidance of $800 million. Now to answer the question, what are some of the tailwinds that we see in the 2 that could go to the upper part of our long-term model. Shlomi hit on this. MLOps and MLSecOps, which is not in our long-term model. So we don't know today what that can generate in terms of how we monetize but we see a potential there, and that could be upside for us. Additionally, migrations. Today, migrations and what we see from self-hosted cloud migrations from self-hosted to cloud, we're not seeing them at the same pace that we saw during 2022, and we see 2024 with a similar trend to 2023. So if those migrations from self-hosted to cloud improve, that could drive additional tailwinds for us as well.

I would just remind the form that we released the long-term model on the first quarter of 2023, deep into the recession. So everything is a tailwind.

Absolutely. If anyone has any questions? We have one in the middle.

One of the things that's been coming up on my customer calls is just -- and I don't know if it's just a small sample to ask on my end, but the pricing of the on-premise, like multiple customers have kind of said, look, if I look across my DevOps stack, this is really cheap, relative to my other vendors, their big businesses, but the spend might be actually kind of small for something as core. Just how do you guys think about that? I'm thinking about it a little bit in the context of like Atlassian, whatever, massively increasing pricing and forcing people. Just would be curious to hear your philosophy there and if that's a consistent trend.

That's a comment that we hear quite often lately. It's hard to compare the Atlassian because Atlassian decided that all the customers will move to the cloud. We decided that strategically, we will keep the on-prem solution, and we will give the customer the freedom of choice. And what we see on the survey is that by 2027, 40% of the assets of your DevOps assets would still stay on-prem. Coming to security, there is an easier adoption for security stakeholders to do it on-prem. They are going to the cloud, it's on muscle. Now going with security to the cloud, it's a full body. So to speak about the on-prem pricing, we are looking at it. In 2021, we increased the prices. I'm not talking about inflation kind of update. I'm talking about price updates, and we did it in 2021. And we keep adding values now to the on-prem, on one hand, to increase the adoption and wait for the migration to happen and then it would be consumption-based. On the other hand, the all the add-ons that we added, JFrog Advanced Security, JFrog Curation and the rest of the products are coming with a [indiscernible]. So I assume we will see a different motion there in terms of the net dollar retention. The last piece on that is that we are also looking at the different asset that is now managed on the on-prem and how can we price something with building the right value? Now I saw companies that changed their model because they thought that it's -- they deserve to get more and they ended up with being disrupted by a cheaper solution. I need to make sure that my on-prem portfolio is moving to the cloud. That's my top priority. Second, that I'm not losing money because this guy here wants to be profitable. And third is that every addition of technology comes with a model that scale with the adoption and not necessarily the service.

Awesome. Well, we have to leave it there. Thank you so much, Shlomi, thank you so much for joining us at the conference, giving us an update. Thank you.

Thank you, everyone.