10-K 1 frog-20231231.htm 10-K 10-K
--12-31FY366false00018006670http://fasb.org/us-gaap/2023#UsefulLifeShorterOfTermOfLeaseOrAssetUtilityMemberhttp://fasb.org/us-gaap/2023#CostOfRevenuehttp://fasb.org/us-gaap/2023#CostOfRevenuehttp://fasb.org/us-gaap/2023#CostOfRevenuehttp://fasb.org/us-gaap/2023#ResearchAndDevelopmentExpensehttp://fasb.org/us-gaap/2023#ResearchAndDevelopmentExpensehttp://fasb.org/us-gaap/2023#ResearchAndDevelopmentExpensehttp://fasb.org/us-gaap/2023#SellingAndMarketingExpensehttp://fasb.org/us-gaap/2023#SellingAndMarketingExpensehttp://fasb.org/us-gaap/2023#SellingAndMarketingExpensehttp://fasb.org/us-gaap/2023#GeneralAndAdministrativeExpensehttp://fasb.org/us-gaap/2023#GeneralAndAdministrativeExpensehttp://fasb.org/us-gaap/2023#GeneralAndAdministrativeExpensehttp://fasb.org/us-gaap/2023#NonoperatingIncomeExpensehttp://fasb.org/us-gaap/2023#NonoperatingIncomeExpensehttp://fasb.org/us-gaap/2023#NonoperatingIncomeExpenseOne year0001800667us-gaap:FairValueInputsLevel3Member2022-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMember2023-01-012023-12-3100018006672021-01-012021-12-310001800667frog:TwoThousandTwentyPlanMember2020-09-300001800667frog:AccruedExpensesAndOtherCurrentLiabilitesMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667country:US2022-01-012022-12-310001800667us-gaap:CommonStockMember2020-12-310001800667us-gaap:RetainedEarningsMember2021-12-310001800667us-gaap:CommonStockMember2021-12-310001800667us-gaap:NondesignatedMember2021-01-012021-12-310001800667us-gaap:CustomerConcentrationRiskMemberus-gaap:AccountsReceivableMembersrt:MinimumMember2022-01-012022-12-310001800667frog:AccruedExpensesAndOtherCurrentLiabilitesMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667frog:EmployeeStockPurchasePlanMember2020-08-012020-08-310001800667frog:IssuableOrdinarySharesRelatedToBusinessCombinationMember2021-01-012021-12-310001800667us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:SellingAndMarketingExpenseMember2021-01-012021-12-310001800667us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667us-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMemberus-gaap:LicenseMember2021-01-012021-12-310001800667us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667us-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-01-012023-12-3100018006672023-12-310001800667country:IL2023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:GeneralAndAdministrativeExpenseMember2021-01-012021-12-310001800667us-gaap:CustomerConcentrationRiskMembersrt:MinimumMemberus-gaap:RevenueFromContractWithCustomerMember2023-01-012023-12-310001800667frog:VdooConnectedTrustLtdMemberus-gaap:DevelopedTechnologyRightsMember2021-01-012021-12-310001800667frog:UpswiftLtdMember2021-08-310001800667country:IL2022-01-012022-12-310001800667us-gaap:CustomerConcentrationRiskMembersrt:MinimumMemberus-gaap:RevenueFromContractWithCustomerMember2022-01-012022-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberfrog:SubscriptionSelfManagedAndSoftwareAsAServiceMember2022-01-012022-12-3100018006672022-09-300001800667us-gaap:RetainedEarningsMember2021-01-012021-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2022-12-310001800667us-gaap:FairValueInputsLevel2Member2023-12-310001800667us-gaap:NondesignatedMemberus-gaap:ForeignExchangeContractMember2023-12-310001800667us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2021-12-310001800667country:IN2022-12-310001800667frog:FurnitureAndOfficeEquipmentMembersrt:MinimumMember2023-12-310001800667frog:SaasMemberus-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-01-012023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:ResearchAndDevelopmentExpenseMemberus-gaap:DesignatedAsHedgingInstrumentMember2023-01-012023-12-310001800667frog:ComputerAndSoftwareMember2023-12-310001800667frog:TwoThousandTwentyPlanMember2020-09-012020-09-300001800667us-gaap:FairValueInputsLevel2Memberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2022-12-310001800667us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2022-12-310001800667us-gaap:DevelopedTechnologyRightsMember2022-01-012022-12-3100018006672022-01-012022-12-310001800667frog:PreferredTechnologyEnterprisesMember2023-01-012023-12-310001800667us-gaap:FairValueInputsLevel2Memberus-gaap:CertificatesOfDepositMember2023-12-310001800667us-gaap:AgencySecuritiesMemberfrog:PortionAtFairValueDisclosureMember2022-12-310001800667srt:MinimumMemberus-gaap:CustomerRelationshipsMember2023-12-310001800667us-gaap:USGovernmentAgenciesDebtSecuritiesMember2022-12-310001800667us-gaap:CertificatesOfDepositMember2023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberfrog:SubscriptionSelfManagedAndSoftwareAsAServiceMember2023-01-012023-12-310001800667us-gaap:SubscriptionAndCirculationMember2022-01-012022-12-310001800667country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-01-012022-12-310001800667us-gaap:AgencySecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667frog:MsElisaSteeleMember2023-10-012023-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001800667us-gaap:NondesignatedMemberfrog:AccruedExpensesAndOtherCurrentLiabilitesMemberfrog:PortionAtFairValueDisclosureMember2022-12-310001800667us-gaap:NondesignatedMemberus-gaap:ForeignExchangeContractMember2021-01-012021-12-310001800667us-gaap:EmployeeStockOptionMember2023-12-310001800667frog:IssuableOrdinarySharesRelatedToBusinessCombinationMember2023-01-012023-12-310001800667us-gaap:RevenueFromContractWithCustomerMember2023-01-012023-12-310001800667us-gaap:EmployeeStockOptionMemberfrog:TwoThousandElevenPlanMember2020-09-012020-09-3000018006672024-02-090001800667us-gaap:GeneralAndAdministrativeExpenseMemberfrog:VdooConnectedTrustLtdMember2021-01-012021-12-310001800667us-gaap:StateAndLocalJurisdictionMember2023-12-310001800667us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667us-gaap:GeneralAndAdministrativeExpenseMember2021-01-012021-12-310001800667us-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMemberfrog:RestOfWorldMember2022-01-012022-12-310001800667country:USus-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMember2023-01-012023-12-310001800667us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2022-12-310001800667us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001800667us-gaap:BankTimeDepositsMember2023-12-310001800667country:IL2022-12-310001800667us-gaap:CostOfSalesMember2021-01-012021-12-310001800667us-gaap:CommonStockMember2022-12-310001800667us-gaap:SellingAndMarketingExpenseMember2023-01-012023-12-310001800667us-gaap:AccountsReceivableMember2022-01-012022-12-310001800667us-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001800667frog:VdooConnectedTrustLtdMember2021-01-012021-12-310001800667us-gaap:NondesignatedMember2023-01-012023-12-310001800667us-gaap:IsraelTaxAuthorityMember2023-12-310001800667us-gaap:RestrictedStockMember2023-12-310001800667country:ILus-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMember2021-01-012021-12-310001800667us-gaap:OtherIntangibleAssetsMember2023-01-012023-12-310001800667us-gaap:ProductConcentrationRiskMemberfrog:SelfmanagedSubscriptionMemberus-gaap:SalesRevenueNetMember2022-01-012022-12-310001800667us-gaap:ForeignExchangeContractMemberfrog:SubscriptionSelfManagedAndSoftwareAsAServiceMemberus-gaap:DesignatedAsHedgingInstrumentMember2021-01-012021-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMember2021-01-012021-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:SellingAndMarketingExpenseMember2023-01-012023-12-310001800667frog:OtherOfficersOrDirectorsMember2023-10-012023-12-310001800667frog:VdooConnectedTrustLtdMember2021-07-192021-07-190001800667srt:MaximumMember2023-01-012023-12-310001800667us-gaap:OtherIntangibleAssetsMember2022-01-012022-12-310001800667frog:AccruedExpensesAndOtherCurrentLiabilitesMemberfrog:PortionAtFairValueDisclosureMemberus-gaap:DesignatedAsHedgingInstrumentMember2023-12-310001800667frog:SaasMember2022-01-012022-12-310001800667frog:PortionAtFairValueDisclosureMemberfrog:VdooConnectedTrustLtdMemberus-gaap:CustomerRelationshipsMember2021-01-012021-12-310001800667us-gaap:AgencySecuritiesMember2023-12-310001800667frog:VdooConnectedTrustLtdMember2021-07-190001800667srt:MinimumMember2023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2023-12-310001800667us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMemberfrog:RestOfWorldMember2021-01-012021-12-310001800667us-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001800667us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2023-12-310001800667us-gaap:NondesignatedMemberus-gaap:ForeignExchangeContractMember2022-12-310001800667us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2022-12-310001800667us-gaap:FairValueInputsLevel1Member2023-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001800667frog:SaasMember2021-01-012021-12-310001800667us-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMemberus-gaap:LicenseMember2022-01-012022-12-310001800667frog:RestOfWorldMember2021-01-012021-12-310001800667us-gaap:AdditionalPaidInCapitalMember2023-01-012023-12-3100018006672023-06-300001800667frog:VdooConnectedTrustLtdMemberus-gaap:RestrictedStockUnitsRSUMember2021-07-190001800667us-gaap:CustomerRelationshipsMember2022-01-012022-12-310001800667country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-01-012021-12-310001800667us-gaap:BilledRevenuesMember2023-12-310001800667frog:FurnitureAndOfficeEquipmentMember2022-12-310001800667us-gaap:SubscriptionAndCirculationMember2021-01-012021-12-3100018006672022-12-310001800667frog:IsraeliSeverancePayMember2021-01-012021-12-310001800667us-gaap:NondesignatedMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667country:ILus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-01-012023-12-310001800667us-gaap:ProductConcentrationRiskMemberfrog:SelfmanagedSubscriptionMemberus-gaap:SalesRevenueNetMember2021-01-012021-12-310001800667frog:EmployeeStockPurchasePlanMember2023-01-012023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMember2022-12-310001800667country:IL2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:MoneyMarketFundsMember2022-12-310001800667us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667us-gaap:NondesignatedMemberfrog:AccruedExpensesAndOtherCurrentLiabilitesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667country:IN2023-12-310001800667us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001800667us-gaap:CorporateDebtSecuritiesMemberfrog:PortionAtFairValueDisclosureMember2023-12-310001800667us-gaap:CostOfSalesMember2022-01-012022-12-310001800667us-gaap:DevelopedTechnologyRightsMember2022-12-310001800667us-gaap:RevenueFromContractWithCustomerMember2022-01-012022-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2023-01-012023-12-310001800667us-gaap:LeaseholdImprovementsMember2022-12-310001800667frog:SaasMemberus-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-01-012021-12-310001800667us-gaap:ResearchAndDevelopmentExpenseMember2023-01-012023-12-310001800667frog:SharePurchaseRightsUnderTheEsppMember2022-01-012022-12-310001800667us-gaap:CorporateDebtSecuritiesMember2023-12-310001800667us-gaap:ProductConcentrationRiskMemberfrog:SelfmanagedSubscriptionMemberus-gaap:SalesRevenueNetMember2023-01-012023-12-310001800667country:US2022-12-310001800667us-gaap:LicenseMember2021-01-012021-12-310001800667us-gaap:RetainedEarningsMember2020-12-310001800667frog:IsraeliInnovationAuthorityMemberfrog:GrantsMember2023-01-012023-12-3100018006672023-01-012023-12-310001800667us-gaap:CommonStockMember2022-01-012022-12-310001800667frog:RestOfWorldMember2022-12-310001800667country:US2023-01-012023-12-310001800667us-gaap:NondesignatedMemberfrog:AccruedExpensesAndOtherCurrentLiabilitesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-12-310001800667frog:RestOfWorldMember2023-01-012023-12-310001800667frog:FurnitureAndOfficeEquipmentMember2023-12-310001800667frog:SharePurchaseRightsUnderTheEsppMember2023-01-012023-12-310001800667frog:VdooConnectedTrustLtdMemberus-gaap:CustomerRelationshipsMember2021-01-012021-12-310001800667us-gaap:DesignatedAsHedgingInstrumentMemberfrog:PortionAtFairValueDisclosureMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2022-12-310001800667us-gaap:NondesignatedMemberus-gaap:ForeignExchangeContractMember2023-01-012023-12-310001800667us-gaap:ResearchAndDevelopmentExpenseMemberus-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMember2022-01-012022-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:ResearchAndDevelopmentExpenseMemberus-gaap:DesignatedAsHedgingInstrumentMember2021-01-012021-12-310001800667srt:MinimumMemberus-gaap:DevelopedTechnologyRightsMember2023-12-310001800667us-gaap:NondesignatedMemberfrog:PortionAtFairValueDisclosureMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2022-12-310001800667us-gaap:CommercialPaperMember2023-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2021-12-310001800667frog:RestOfWorldMember2023-12-310001800667us-gaap:NondesignatedMemberfrog:PortionAtFairValueDisclosureMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2023-12-310001800667us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2022-01-012022-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:MoneyMarketFundsMember2023-12-310001800667us-gaap:CorporateDebtSecuritiesMemberfrog:PortionAtFairValueDisclosureMember2022-12-310001800667us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2023-12-310001800667us-gaap:AgencySecuritiesMemberfrog:PortionAtFairValueDisclosureMember2023-12-310001800667frog:EmployeeStockPurchasePlanMember2023-12-310001800667frog:SubscriptionMember2021-01-012021-12-310001800667us-gaap:FairValueInputsLevel2Memberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-12-310001800667us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2023-01-012023-12-310001800667frog:RestOfWorldMember2022-01-012022-12-310001800667frog:SelfmanagedSubscriptionMember2022-01-012022-12-310001800667frog:SubscriptionMember2023-01-012023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMember2022-01-012022-12-310001800667us-gaap:FairValueInputsLevel2Memberus-gaap:CertificatesOfDepositMember2022-12-310001800667us-gaap:DesignatedAsHedgingInstrumentMember2022-01-012022-12-310001800667frog:SaasMember2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:CertificatesOfDepositMember2022-12-310001800667us-gaap:NondesignatedMemberfrog:AccruedExpensesAndOtherCurrentLiabilitesMemberfrog:PortionAtFairValueDisclosureMember2023-12-310001800667frog:TwoThousandTwentyPlanMember2023-12-310001800667us-gaap:AdditionalPaidInCapitalMember2021-12-310001800667us-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-01-012021-12-310001800667frog:SubscriptionMember2022-01-012022-12-310001800667frog:IsraeliSeverancePayMember2023-01-012023-12-310001800667country:US2023-12-3100018006672021-12-310001800667srt:MaximumMemberfrog:FurnitureAndOfficeEquipmentMember2023-12-310001800667us-gaap:LicenseMember2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMember2022-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2022-01-012022-12-310001800667us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2022-01-012022-12-310001800667us-gaap:AccountsReceivableMember2023-01-012023-12-310001800667us-gaap:NondesignatedMember2022-01-012022-12-310001800667us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberfrog:PortionAtFairValueDisclosureMember2022-12-310001800667srt:MaximumMemberus-gaap:DevelopedTechnologyRightsMember2023-12-310001800667us-gaap:CommonStockMember2023-01-012023-12-310001800667frog:IssuableOrdinarySharesRelatedToBusinessCombinationMember2022-01-012022-12-310001800667us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2021-12-310001800667us-gaap:NondesignatedMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667us-gaap:RetainedEarningsMember2022-12-310001800667us-gaap:LicenseMember2022-01-012022-12-310001800667country:IL2021-01-012021-12-310001800667us-gaap:AgencySecuritiesMember2022-12-310001800667us-gaap:ResearchAndDevelopmentExpenseMember2022-01-012022-12-310001800667srt:MaximumMemberus-gaap:CustomerRelationshipsMember2023-12-310001800667frog:SelfmanagedSubscriptionMember2021-01-012021-12-310001800667us-gaap:OtherIntangibleAssetsMember2022-12-310001800667us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:CommercialPaperMember2023-12-3100018006672020-12-310001800667us-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMemberus-gaap:LicenseMember2023-01-012023-12-310001800667us-gaap:DesignatedAsHedgingInstrumentMember2021-01-012021-12-310001800667us-gaap:CustomerConcentrationRiskMemberus-gaap:AccountsReceivableMembersrt:MinimumMember2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMemberfrog:VdooConnectedTrustLtdMemberus-gaap:DevelopedTechnologyRightsMember2021-01-012021-12-310001800667frog:VdooConnectedTrustLtdMembersrt:MinimumMember2021-07-192021-07-190001800667us-gaap:AdditionalPaidInCapitalMember2020-12-310001800667srt:MaximumMemberfrog:VdooConnectedTrustLtdMember2021-07-192021-07-190001800667frog:MsElisaSteeleMember2023-12-310001800667us-gaap:EmployeeStockOptionMember2023-01-012023-12-310001800667us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-01-012023-12-310001800667us-gaap:CommercialPaperMember2022-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001800667us-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001800667us-gaap:NondesignatedMemberus-gaap:ForeignExchangeContractMember2022-01-012022-12-310001800667frog:SharePurchaseRightsUnderTheEsppMember2021-01-012021-12-310001800667srt:MinimumMember2023-01-012023-12-310001800667us-gaap:AdditionalPaidInCapitalMember2021-01-012021-12-310001800667frog:AccruedExpensesAndOtherCurrentLiabilitesMemberus-gaap:DesignatedAsHedgingInstrumentMemberfrog:PortionAtFairValueDisclosureMember2022-12-310001800667us-gaap:AdditionalPaidInCapitalMember2023-12-310001800667us-gaap:AdditionalPaidInCapitalMember2022-12-310001800667us-gaap:CorporateDebtSecuritiesMember2022-12-3100018006672024-01-012023-12-310001800667us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-01-012022-12-310001800667us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2023-12-310001800667frog:TwoThousandTwentyPlanMember2023-01-012023-01-010001800667us-gaap:CommonStockMember2021-01-012021-12-310001800667frog:EmployeeStockPurchasePlanMember2022-01-012022-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001800667us-gaap:BankTimeDepositsMember2022-12-310001800667frog:SubscriptionMemberus-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-01-012022-12-310001800667us-gaap:UnbilledRevenuesMember2023-12-310001800667us-gaap:ResearchAndDevelopmentExpenseMember2021-01-012021-12-310001800667frog:SubscriptionMemberus-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-01-012023-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2021-01-012021-12-310001800667us-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMember2021-01-012021-12-310001800667us-gaap:OtherIntangibleAssetsMember2023-12-310001800667us-gaap:CustomerRelationshipsMember2023-01-012023-12-310001800667frog:SubscriptionMemberus-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-01-012021-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001800667us-gaap:DesignatedAsHedgingInstrumentMember2023-01-012023-12-310001800667us-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMember2022-12-310001800667country:US2021-01-012021-12-3100018006672023-10-012023-12-310001800667us-gaap:DevelopedTechnologyRightsMember2023-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2020-12-310001800667us-gaap:AccumulatedDistributionsInExcessOfNetIncomeMember2023-12-310001800667us-gaap:FairValueInputsLevel3Member2023-12-310001800667country:ILus-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMember2022-01-012022-12-310001800667frog:PortionAtFairValueDisclosureMemberfrog:VdooConnectedTrustLtdMember2021-01-012021-12-310001800667us-gaap:ComputerEquipmentMember2023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:CommercialPaperMember2022-12-310001800667us-gaap:SellingAndMarketingExpenseMember2021-01-012021-12-310001800667us-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMember2023-12-310001800667us-gaap:IsraelTaxAuthorityMember2023-01-012023-12-310001800667frog:SelfmanagedSubscriptionMember2023-01-012023-12-310001800667us-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-01-012022-12-310001800667frog:UpswiftLtdMember2021-08-012021-08-310001800667us-gaap:ShareBasedPaymentArrangementEmployeeMember2023-01-012023-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001800667us-gaap:FairValueInputsLevel1Member2022-12-310001800667us-gaap:DevelopedTechnologyRightsMember2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2022-12-310001800667us-gaap:SellingAndMarketingExpenseMember2022-01-012022-12-310001800667us-gaap:RetainedEarningsMember2022-01-012022-12-310001800667us-gaap:SubscriptionAndCirculationMember2023-01-012023-12-310001800667frog:EmployeeStockPurchasePlanMember2020-08-310001800667frog:IsraeliSeverancePayMember2022-01-012022-12-310001800667us-gaap:ComputerEquipmentMember2022-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMember2023-12-310001800667us-gaap:CertificatesOfDepositMember2022-12-310001800667frog:EmployeeStockPurchasePlanMember2021-01-012021-12-310001800667us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2022-12-310001800667frog:SaasMemberus-gaap:ProductConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-01-012022-12-310001800667us-gaap:CommonStockMember2023-12-310001800667us-gaap:CustomerRelationshipsMember2023-12-310001800667us-gaap:ForeignExchangeContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:SellingAndMarketingExpenseMember2022-01-012022-12-310001800667us-gaap:RetainedEarningsMember2023-12-310001800667us-gaap:RestrictedStockUnitsRSUMember2023-12-310001800667us-gaap:LeaseholdImprovementsMember2023-12-310001800667frog:PortionAtFairValueDisclosureMemberus-gaap:CertificatesOfDepositMember2023-12-310001800667us-gaap:AdditionalPaidInCapitalMember2022-01-012022-12-310001800667us-gaap:AgencySecuritiesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001800667us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:DesignatedAsHedgingInstrumentMemberfrog:PortionAtFairValueDisclosureMember2023-12-310001800667us-gaap:FairValueInputsLevel2Member2022-12-310001800667frog:EmployeeStockPurchasePlanMember2023-01-012023-01-010001800667us-gaap:RestrictedStockUnitsRSUMember2022-12-310001800667us-gaap:CostOfSalesMember2023-01-012023-12-310001800667frog:PortionAtFairValueDisclosureMember2023-12-310001800667us-gaap:CustomerRelationshipsMember2022-12-310001800667us-gaap:RetainedEarningsMember2023-01-012023-12-310001800667us-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMemberfrog:RestOfWorldMember2023-01-012023-12-31xbrli:purefrog:Segmentfrog:Installmentxbrli:sharesiso4217:USDxbrli:sharesiso4217:USDiso4217:ILSxbrli:sharesiso4217:ILS

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

__________________________________________________

FORM 10-K

__________________________________________________

(Mark One)

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2023

or

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from to

Commission file number: 001-39492

__________________________________________________

JFrog Ltd.

(Exact name of registrant as specified in its charter)

__________________________________________________

Israel

 

98-0680649

(State or other jurisdiction of

incorporation or organization)

 

(I.R.S. Employer

Identification Number)

270 E. Caribbean Drive

Sunnyvale, California 94089

(Address of principal executive offices and zip code)

(408) 329-1540

(Registrant’s telephone number, including area code)

__________________________________________________

Securities registered pursuant to Section 12(b) of the Act:

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Ordinary Shares, NIS 0.01 par value

FROG

The Nasdaq Global Select Market

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒ No ☐

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15 (d) of the Act. Yes ☐ No

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer

Accelerated filer

Non-accelerated filer

Smaller reporting company

Emerging growth company

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b).

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes No ☒

The aggregate market value of the Ordinary Shares held by non-affiliates of the registrant, based on the closing price of the shares of Ordinary Shares on June 30, 2023 as reported by the Nasdaq Global Select Market on such date was approximately $2.1 billion. Shares of the registrant's Ordinary Shares held by each executive officer and director and by each other person who may be deemed to be an affiliate of the registrant have been excluded from this computation. This determination of affiliate status is not necessarily a conclusive determination for any other purpose.

As of February 9, 2024, the registrant had 106,306,273 Ordinary Shares, NIS 0.01 par value per share, outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the registrant's definitive proxy statement relating to the 2023 annual general meeting of shareholders (the “Proxy Statement”) are incorporated herein by reference in Part III of this Annual Report on Form 10-K to the extent stated herein. Such Proxy Statement will be filed with the Securities and Exchange Commission within 120 days of the registrant's fiscal year ended December 31, 2023.

 

 

 


TABLE OF CONTENTS

Page

PART I

Item 1.

Business

5

Item 1A.

Risk Factors

18

Item 1B.

Unresolved Staff Comments

51

Item 1C.

Cybersecurity

52

Item 2.

Properties

53

Item 3.

Legal Proceedings

53

Item 4.

Mine Safety Disclosures

53

PART II

Item 5.

Market for Registrant’s Common Equity, Related Shareholder Matters and Issuer Purchases of Equity Securities

54

Item 6.

[Reserved]

55

Item 7.

Management's Discussion and Analysis of Financial Condition and Results of Operations

55

Item 7A.

Quantitative and Qualitative Disclosures about Market Risk

65

Item 8.

Financial Statements and Supplementary Data

67

Item 9.

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

101

Item 9A.

Controls and Procedures

101

Item 9B.

Other Information

101

Item 9C.

Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

102

PART III

Item 10.

Directors, Executive Officers and Corporate Governance

102

Item 11.

Executive Compensation

102

Item 12.

Security Ownership of Certain Beneficial Owners and Management and Related Shareholder Matters

102

Item 13.

Certain Relationships and Related Transactions, and Director Independence

102

Item 14.

Principal Accountant Fees and Services

102

PART IV

Item 15.

Exhibits, Financial Statement Schedules

103

Item 16.

Form 10-K Summary

104

 

2


SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “could,” “intends,” “target,” “projects,” “contemplates,” “believes,” “estimates,” “predicts,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern our expectations, strategy, plans, or intentions. Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about:

our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit, operating expenses, operating cash flow and free cash flow, and our ability to achieve, and maintain, future profitability;
market acceptance of our products;
our expectations about the impact of global economic disruptions resulting from natural disasters, public health epidemics, protests or riots, and geopolitical tensions or war, such as the war between Hamas and Israel and the war in Ukraine, on our business, results of operations and financial condition;
our expectations about the impact of unfavorable economic conditions, and adverse macroeconomic conditions, such as recent inflation and slower growth or recession, on our business and financial condition;
the effects of increased competition in our markets and our ability to compete effectively;
anticipated trends, growth rates and challenges in our business and in the markets in which we operate;
our ability to maintain and expand our customer base, including by attracting new customers;
our ability to successfully expand in our existing markets and into new markets;
our ability to maintain the security and availability of our software;
our ability to maintain or increase our net dollar retention rate;
our ability to develop new products, or enhancements to our existing products, and bring them to market in a timely manner;
our business model and our ability to effectively manage our growth and associated investments;
our ability to integrate and realize anticipated synergies from acquisitions of complementary businesses;
beliefs and objectives for future operations, including regarding our market opportunity;
our relationships with third parties, including our technology partners and cloud providers;
our ability to maintain, protect, and enhance our intellectual property rights;
our ability to successfully defend litigation brought against us;
our ability to attract and retain qualified employees and key personnel;
the sufficiency of our cash and cash equivalents to meet our liquidity needs;
our ability to comply with laws and regulations that currently apply or become applicable to our business in Israel, the United States and internationally; and
the future trading prices of our ordinary shares.

3


You should not rely upon forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations, and prospects. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Readers are urged to carefully review and consider the various disclosures made in this Annual Report on Form 10-K and in other documents we file from time to time with the Securities and Exchange Commission (“SEC”) that disclose risks and uncertainties that may affect our business. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report on Form 10-K. We cannot assure you that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.

The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K or to reflect new information or the occurrence of unanticipated events. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments we may make.

In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the date of this Annual Report on Form 10-K, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and investors are cautioned not to unduly rely upon these statements.

4


PART I

Item 1. Business

Overview

JFrog’s vision is to power a world of continuously updated, secure, trusted software – we call this Liquid Software.

We provide an end-to-end, hybrid, universal Software Supply Chain Platform that enables organizations to continuously and securely create and deliver software updates across any system. This platform is the critical bridge between software development and deployment of that software, paving the way for modern software supply chain management and software release processes. We enable organizations to build and release software faster and more securely while empowering developers, security teams and Machine Learning Operations (MLOps) teams to be more efficient.

Digital transformation has become an imperative for all organizations, and as such, organizations of all types and sizes are increasingly dependent upon software to better engage with their customers, partners, and employees. As a result, the continuous and trusted release of new software has become mission critical. An organization’s failure to keep software current or react to problems with timely software updates, whether feature oriented or security-demanded, can lead to lost revenue and reputational damage, and even threaten human safety and lives. We believe the end state of digital transformation is a non-stop, always-on, secure, continuous delivery of value to users, enabled by a world of version-less software.

DevOps and DevSecOps enables the software innovation that is driving digital transformation. The need for organizations to better serve their customers, partners, and employees through software is driving the demand for constant innovation of the software build and release workflow. As the pace and variety of software creation have increased, the domains of software “developers” and IT “operators” have converged, rapidly including “security” professionals. Since our inception, we have embraced the culture and methodologies of modern software development and delivered a platform that connects developers, security teams and operators, thus providing the foundation for DevOps and DevSecOps. These paradigms have become the approach modern digital organizations take to software development and operations, shortening, automating, securing and improving the software build and release workflow.

Software as it is written by a developer, in source code, cannot be deployed in a runtime environment. In order for software to run in production, source code is transformed into or packaged into executable binary files that can be understood by and run on a server or device. Organizations need tools that can turn source code and other resources into binary files, store, manage, and secure these binaries, and then create software packages, or combinations of one or more binary files, that can be released and deployed to runtime environments. Our platform is designed to universally manage and deploy all types of software packages, including machine learning models, within an organization, making it the system of record for an organization’s secure software release processes, often called the “database of DevOps.”

Software and the Business Environment

The volume and importance of software in the business environment is increasing exponentially. Organizations in all industries and of all sizes have turned to software as a competitive advantage, facilitating interactions with their customers, managing day-to-day operations, gaining actionable business insights, securing their digital environments, and driving digital transformation. As a result, software’s role has changed from a functional tool to a cornerstone of nearly every company, and the continuous development and release of that software has transformed into mission-critical operations.

For example, if drivers and riders are not running the same version of a ride-hailing company’s software and fail to connect, even for the briefest of moments, those riders can easily turn to a competitive service. If an out-of-date piece of a financial institution’s software stack allows a security breach, the organization can suffer enormous reputational harm and be liable for damages. If an airplane’s software is not securely updated, passengers’ lives may be put in danger.

In order to address these growing customer expectations and regulatory compliance, organizations have dramatically reduced the time between releasing new features and functions and resolving security vulnerabilities, from years to months or even days and hours. Updating a feature of a software application, rather than releasing a new version of the entire application, ensures that current software is brought to market faster, allowing organizations to be more responsive to their customers’ needs, making software updates less disruptive to the user experience. To keep software current in today’s environment, software updates need to be released incrementally, securely and with increased frequency.

5


The proliferation of open source software, availability of newer and more efficient software development technologies such as generative artificial intelligence (AI) technologies, and the increasing interconnectedness of software enable organizations to produce software at an increasing rate. Meanwhile, the adoption of new architectures, platforms, and technologies, such as microservices, containers, and hybrid and multi-cloud environments, creates significant complications in managing the software supply chain flow. Organizations’ existing approaches to software releases and updates address each step of the cycle separately, creating silos and bottlenecks around critical steps, such as planning, curating, building, testing, securing, and delivering software. The merging of these new technologies with legacy approaches has placed significant strain on traditional software build and release workflows.

The DevOps and DevSecOps Workflows

DevOps enables the software innovation that is driving digital transformation. As the domains of software developers and IT operators have converged, DevOps has emerged as a discipline that integrates software development and operations, shortening, automating, and improving the software build and release workflow. DevOps is a combination of technologies, methodologies, and culture that powers a continuous, fast, and secure software release cycle.

The DevSecOps workflow spans the lifecycle of software, from the planning, curating, coding, building, securing and testing of software components by developers, to the secure releasing, deploying, operating, and monitoring of that software by operators. DevSecOps integrates security practices across the DevOps workflow for early detection of issues and ongoing software security throughout the software’s lifecycle. While many software development technologies today address aspects of a particular segment of DevOps, JFrog provides the common ground for software developers, security teams and IT operators, making it integral to the DevOps and DevSecOps workflows to create trusted software releases.

The Importance of Software Packages

Software as it is written by a developer, in source code, cannot be deployed in a runtime environment. In order for software to run in production, source code and other components are transformed or packaged into executable binary files that can be understood by and run on a server or device. Organizations need tools that can turn source code and other components into binary files, store, manage and secure these binaries, and then create software packages, or combinations of one or more binary files, that can be released and deployed to runtime environments. In addition, the vast majority of applications are built utilizing open source software that enters organizations in the form of binaries. The JFrog Platform is designed to universally manage and deploy all types of software packages within an organization, making it the system of record for an organization’s software.

In today’s business environment, the volume and variety of software packages that need to be managed and stored by organizations is rapidly growing. This includes the management of machine learning models and their dependencies, which see massive adoption due to the commoditization of large language models (LLMs). Software packages are increasingly created by both humans and machines as software build and release workflows are automated, and can also be imported from external sources, such as open source libraries and repositories. The increasingly large volumes and complexity of packages within organizations’ software development ecosystems require a new, systematic, and automated approach to trusted management of packages. Code repositories, which store and manage source code, are helpful and important developer tools, but cannot efficiently take software that was written by developers and deploy it in runtime environments because they are not purpose-built to manage, cache and secure binary files. Tracking and managing software at the package level enables organizations to make incremental updates to software, and deliver trusted software bill of materials (SBOMs) alongside their software releases. Package management allows software releases to be continuous, and capable of handling the volume, variety, security and velocity of trusted software required today.

Our Platform

We built the world’s first universal software package repository, JFrog Artifactory, to fundamentally transform the way that the software supply chain is managed. Our package-based approach to releasing software allows software releases to be continuous and software to always be current.

We enable organizations to securely store all package types in a common repository where they can be tagged, tracked, and managed. Our unified platform connects all of the software release processes involved in building and releasing software, and enables trust by offering a single source of truth for all software release inputs and outputs. We empower our customers to shorten their software release cycles and enable the continuous flow of current, secure, up-to-date software from any source to any edge. Our platform is designed to be agnostic to the programming languages, source code repositories, and development technologies that our customers use, and the type of production environments to which they deploy.

6


Our fully integrated suite of products allows our customers to compile software from source code repositories, curate the importation of external packages, manage the dependencies among components within software packages, keep these packages under a single universal repository, manage and automate the usage of open source libraries and packages, scan for vulnerabilities through various stages and contexts, distribute to endpoints, and deploy in production, all through a single user access point. This complete process is often referred to as management and securing of the “software supply chain.”

Since our initial launch of JFrog Artifactory, we have consistently innovated and added new products to expand the capabilities of our platform. Today, our platform comprises the full workflow for releasing trusted, secure software.

img191605191_0.jpg 

Products

JFrog Artifactory

At the center of our platform is JFrog Artifactory, the first universal package repository. It allows teams and organizations to store, update, and manage their software packages at any scale. JFrog Artifactory ensures that all software packages being deployed are the most current by automatically caching dependencies between packages and package versions, including from external sources. JFrog Artifactory supports all major software package technologies and can be seamlessly deployed across public clouds, multi-cloud, on-premises, private cloud, and hybrid environments. As a result, JFrog Artifactory serves as the “single source of truth” for an entire organization’s software packages, ensuring consistency and enabling trust and automation in the software release process.

JFrog Artifactory is also expanding to include MLOps functionality, with the key capability to manage machine learning models and their dependencies as they are released alongside and within software applications. These models and dependencies are foundational components for AI-powered functionality in software applications. We believe this expansion will unite MLOps practitioners with DevSecOps best practices to create a universal software supply chain across an organization.

With JFrog Artifactory at its center, our platform is a cohesive, integrated, end-to-end solution comprised of the following additional products that encompass the complete software release cycle:

JFrog Curation. JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories. JFrog Curation understands package metadata, allowing companies to build policies around the entry or blocking of software packages into a company’s repositories based on multiple factors such as age, version number, security risk, release timelines, target environments and more. Software packages addressed by JFrog Curation rely on the JFrog Catalog of open source package information, with over 4 million unique packages and their advanced metadata available.

7


JFrog Xray (Security Essential). JFrog Xray continuously scans JFrog Artifactory to secure all software packages stored in it. JFrog Xray is able to understand software packages at a binary level, utilizing the metadata stored in JFrog Artifactory to accurately uncover potential vulnerabilities, policy violations, and open source software license compliance issues. This enables more cohesive DevSecOps processes, allowing organizations to achieve both control and trust earlier in their software release cycles by automating security workflows. JFrog Xray also provides unique security information to customers that is derived from a dedicated security research team that uncovers vulnerabilities in public and private repositories.
JFrog Advanced Security. JFrog Advanced Security is an optional add-on for select JFrog subscriptions as an advanced, binary-focused security solution integrated into the JFrog Platform. It offers in-depth binary scanning to examine data that is not accessible via package managers, software bill of materials or typical metadata. Natively integrated with JFrog’s Artifactory binary repository and JFrog Xray’s software composition analysis solutions, JFrog Advanced Security capabilities, including source code scanning (SAST), secrets detection, contextual analysis, IaC scanning, container scanning, malicious ML model detection and more, offer holistic coverage for software supply chain security at scale.
JFrog Distribution. JFrog Distribution provides reliable, scalable, and secure software package distribution with enterprise-grade performance. It uses proprietary technology to reliably and optimally distribute packages to multiple locations and update them as new release versions are produced. JFrog Distribution offers native support for the major package technologies, allowing smooth integrations between an organization’s deployment tools and the runtime environment, and enabling seamless software releases. JFrog Distribution also offers the industry’s first Private Distribution Network, allowing companies to customize how they distribute software across any infrastructure, device fleet or hybrid topology.
JFrog Artifactory Edge. JFrog Artifactory Edge is a specialized, read-only version of JFrog Artifactory, co-located close to the runtime environment. JFrog Artifactory Edge sits downstream from JFrog Distribution, providing reliable deployment of software packages at the actual locations where updates are executed. Designed to work with JFrog Distribution, JFrog Artifactory Edge utilizes and leverages metadata from JFrog Artifactory to facilitate the transfer of only the incremental changes in software packages from their previous versions, rather than entire applications, enabling efficient, real-time updates to edge instances.
JFrog Mission Control. JFrog Mission Control is our integrated platform control panel, providing a high-level view of all the moving pieces of an organization’s software supply chain workflow. As part of JFrog Artifactory, JFrog Mission Control allows users to configure and view services under administrative control, whether across any public cloud, on-premise, private cloud, or hybrid environment, or at geographically dispersed development sites.
JFrog Insight. JFrog Insight is our universal DevOps intelligence tool. JFrog Insight integrates with our other products to provide customers with powerful BI and analytics capabilities. JFrog Insight processes and collects key metrics, correlates them across diverse systems, and provides actionable insights to development managers, operations teams, and compliance officers across an organization.
JFrog Connect. JFrog Connect is our connected device management solution that allows companies to manage software updates and monitor performance across IoT device fleets from anywhere in the world. JFrog Connect scales to automate software package delivery across the development-to-device lifecycle.
JFrog Pipelines. JFrog Pipelines is our Continuous Integration and Delivery tool, responsible for automating and orchestrating the movement of software packages through our platform. This includes the creation, compilation, and management of software packages throughout the DevOps workflow. JFrog Pipelines also provides end-to-end visibility and control over the software release cycle, ensuring that various repositories, testing tools, and deployment tools are seamlessly coordinated, while attesting to the security of the pipeline process.

Benefits to Our Customers

End-to-end, unified platform. We provide a central, unified platform for our customers’ software release needs with our universal package management solution, JFrog Artifactory, at its core and a portfolio of adjacent products including build integration, workflow automation, security, and deployment. We designed our products to integrate with each other natively, with a unified user interface. This allows organizations to effectively and efficiently manage the full software supply chain through a single user access point.

8


A “blessed” repository for the organization. We designed JFrog Artifactory to be the only package repository that an organization needs. By securely storing, monitoring, and distributing software packages created inside and outside an organization, we provide a single, trusted local repository that any user within an organization can rely on, serving as the system of record for all of the software in an organization. This is commonly referred to as a “blessed repository.” JFrog Artifactory automatically caches updated software packages from both external and internal repositories, ensuring that an organization always has the latest, validated packages available.
Acceleration through automation. Our platform accelerates the software release cycle by enabling the automation of workflows across teams and providing tight coordination between development and operations groups, removing silos within organizations’ software release processes. We seamlessly integrate with source code repositories to push software updates and to manage software package flows between all software release gates seamlessly and continuously, offering a uniquely efficient way to orchestrate software release from build to deploy.
Hybrid and multi-cloud deployment. We empower organizations to release software that is execution-ready across any number of different production environments. Our platform supports public cloud, on-premise, private cloud, multi-cloud, and hybrid deployments, helping organizations avoid vendor lock-in and allowing software developers, security and IT operators across an organization to use our products in any environment. Our unique model offers the same product in the cloud and on-premise, so users can work in any environment with an identical user experience.
Scalable across the organization. Our proprietary technology for package management allows our platform to seamlessly scale across even the largest of customers and deployments. Our platform supports a wide variety of enterprise-scale storage capabilities and also accommodates spikes in usage without compromised performance. The JFrog Platform supports High Availability cluster configuration, in which redundant components are created to maximize network uptime, and can therefore seamlessly serve nearly any number of concurrent users, build servers, and interactions.
Trusted and secure. We enable organizations to analyze software packages for vulnerabilities, rapid remediation, license compliance, and quality issues in near real-time. Our fully integrated security solutions enable continuous automation of security policies from before a package enters the organization through to deployment to the runtime. Our platform embeds security into the DevOps workflow, creating a seamless DevSecOps flow that allows organizations to have speed and control in the software release cycle. All software packages on our platform are fully traceable, ensuring the accuracy and reliability of software applications. To enhance application quality while minimizing risk, our security controls offer customizable governance policies to specific software packages and complete auditing capabilities and business impact analysis.

Benefits to Software Developers, Security Teams, and IT Operators

Easy, secure, and automated package management. Through our JFrog Artifactory package management solution, software developers, security teams, and IT operators are able to automatically fetch software packages from public and private repositories, ensure that packages are consistent across their organizations’ instances of JFrog Artifactory, scan for vulnerabilities and contextual errors with our security solutions, and manage dependencies among packages. JFrog Curation allows for automated policies to protect companies from undesired software packages before they enter Artifactory. JFrog Artifactory then stores software packages and uses their metadata in a manner similar to a relational database, enabling software developers and IT operators to manage package versions, organize and track dependencies, and perform replication of trusted packages across geographically distributed sites.
Integrated across the development ecosystem. We believe in user freedom of choice and provide software developers and IT operators with technology that seamlessly integrates with their ecosystems. Our out-of-the-box integrations with third-party technologies offer software developers and IT operators the freedom to choose their tool stacks, allowing them to minimize disruptions, increase productivity and innovation, and avoid vendor lock-in. Our solution includes user-friendly application programming interfaces (“APIs”) that organizations can use to integrate our products and third-party technologies in a reliable and high-performance manner.
Universal and extensible. Our platform natively supports the major package technologies, including package libraries, continuous integration tools, container registries, and testing and deployment tools, and has been designed to quickly and seamlessly add support for new package technologies as they arise. JFrog Artifactory’s ability to search for, manage, and cache software packages from different sources enables software developers and IT operators to execute faster and take advantage of innovation throughout the broader software development ecosystem. As an organization’s development environment changes, our products automatically adjust, with little to no downtime or the need for complex migrations.

9


Business Model

We combine bottom-up and top-down approaches in our business model. The bottom-up approach is community focused, driving increased usage of our products, in which we focus on demonstrating the value that our products can provide to software developers, security teams and IT operators. Once customers are of a certain size, we engage in a top-down approach for full platform adoption that focuses on enterprise values. To support growth of large strategic customers, JFrog also empowers a direct sales team supported by dedicated DevSecOps technical staff. We strive to make software developers, security teams and IT operators more efficient, effective, and productive, and create champions of JFrog in the process.

Our go-to-market strategy.
o
Make software developers, security teams, ML engineers, and IT operators successful. Our consistent product innovation, thought leadership in software supply chain management, and knowledge sharing with software developer, security teams, and IT operator communities engender trust that fuels increased usage of our products. We enable our users to stand out for the value they deliver to their organizations, making others within their organizations want to adopt our products to emulate their success.
o
Enable user freedom of choice. We are agnostic to the types of technologies a software developer or IT operator may choose to use, which is a philosophy that we believe provides us with a competitive advantage. Our platform is designed to quickly and seamlessly add support for new package technologies as they arise.
o
Align pricing with value provided. Our free trials and open source software options provide low-friction entry points for software developers, security teams, and IT operators. Customers often upgrade to paid and higher-tiered subscriptions as they increase their usage of our products.
o
Provide best-in-class support. Our customer support personnel provide extensive engineering-level support directly to software developers, security teams, and IT operators, ensuring those individuals who use our products most are set up to succeed. Our customer support team is differentiated by the number of team members who have engineering backgrounds, which allows our customers to have consistent access to individuals with intimate technical knowledge of our products and of the different technologies and protocols with which they integrate. Our technical support offerings primarily include issue diagnosis and root cause identification, as well as bug isolation and software fix delivery.
o
Directly support strategic accounts. Our strategic sales team focuses on accounts with high expansion potential to deliver more customized experiences and dedicated approaches. This is often a top-down approach or executive-level relationship that ensures JFrog is consistently meeting the needs of top-tier customers.
o
Expanding partnerships & go-to-market motions. We are expanding JFrog’s channel strategy throughout the world, with a focus on emerging markets and localized buying patterns. We believe that in addition to our traditional direct-sales business, channel expansion will drive growth by giving specific industry verticals and geographies purchase options that are flexible to their localized needs. Specifically with public cloud providers, we believe there is great potential for partnerships and channels to be a significant contributor to JFrog’s growth.
Multiple tiers of subscriptions. Our subscription structure is aligned with the way we have built our product platform, with JFrog Artifactory at the core of each subscription and a portfolio of adjacent products and services that differ by subscription tier. Our pricing model aligns the value we deliver with our customers’ needs as they scale.
Technology partnership ecosystem. Our extensive integrations with technologies across the software development ecosystem power significant extensibility of our platform and offer our customers the ability to use external software development technologies of their choice on our platform, driving increased customer affinity and product stickiness.

Multi-Tiered Subscription Offerings

We offer our products to customers through a multi-tiered subscription structure. Our current paid subscription tiers include JFrog Pro, JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus.

JFrog Pro. JFrog Pro provides access to the universal version of JFrog Artifactory and ongoing updates, upgrades, and bug fixes.

10


JFrog Pro X. JFrog Pro X is a self-hosted-only subscription that provides the same features as JFrog Pro with the addition of JFrog Xray basic scanning functionality and license compliance, along with service-level agreement (“SLA”) support.
JFrog Enterprise X. JFrog Enterprise X provides the same features as JFrog Pro X with the addition of High Availability cluster configuration, federated repositories, multi-region replication, and JFrog Mission Control, enabling larger enterprise-scale deployments, and SLA support as well as deeper security features. JFrog Enterprise X customers are also able to purchase the full suite of JFrog security products.
JFrog Enterprise+ (Enterprise Plus). JFrog Enterprise Plus provides the same features as JFrog Enterprise X, with the addition of JFrog Pipelines, JFrog Insight, JFrog Distribution, and JFrog Artifactory Edge. JFrog Enterprise Plus is our full platform subscription option, delivering our entire suite of products and functionality, as well as Private Distribution Network capabilities. JFrog Enterprise Plus customers are also able to purchase the full suite of JFrog security products.
Additional, optional subscriptions.
o
JFrog Advanced Security, with functionality for Infrastructure as Code scanning, container scanning, contextual analysis and more, is available as an optional, add-on subscription for Enterprise X and Enterprise Plus subscribers, as well as through private offers in the cloud marketplaces.
o
JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories.
o
JFrog Connect functionality for IoT devices is available for separate purchase while in early production phases.

We have an unwavering commitment to the software developer, security teams, and IT operator communities, and show this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above. This free access takes the form of free trials and open source software, and helps generate demand for our paid offerings within the software developer, security and IT operator communities.

Free Trials. We offer time-limited free trials of our platform that allow prospective customers to test the full functionality of a JFrog subscription within their environments or in the cloud. At the end of this trial period, prospective customers must pay for a subscription in order to continue utilizing JFrog services. Community, free services include a limited version of Artifactory as well as a community version for C/C++ developers (Conan).
Open Source. Our open source offering is a limited functionality version of JFrog Artifactory that only supports Java-based software packages, and does not support organization-wide adoption by DevOps teams.

Growth Strategies

We intend to pursue the following growth strategies:

Extend our technology leadership. We will continue to invest in building new capabilities and extending our platform to bring the power of software supply chain management to a broader range of use cases, including maturation of security solutions for DevSecOps, expansion of AI-enabling technologies including MLOps, and continuing to enable DevOps solutions for devices on the edge. Additionally, we believe acquiring new technologies to complement our organic innovation efforts will help us rapidly adapt to address the evolving needs of the market and drive increased value for our customers.
Expand within our existing customer base. We have demonstrated a differentiated ability to retain customers, expand existing customer usage, and cross-sell a broader set of products and features within an organization. Our net dollar retention rate (“ARR”) of 119% as of December 31, 2023 highlights the increasing value of our products to our customer base. While maintaining our self-service and inbound sales model, we intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog’s Software Supply Chain Platform.
Acquire new customers. Our free trial subscription options and open source version of JFrog Artifactory increase software developer, security and IT operator familiarity with our products, and allow for low-friction product adoption. MLOps functionality may expose JFrog solutions to new audiences such as AI/ML Engineers and Data Scientists. Additionally, we

11


have steadily grown our international presence since inception and intend to continue to expand regionally as DevOps and DevSecOps practices are increasingly adopted around the world.
Expand and develop our technology partnership ecosystem. We have designed our platform to work with the major package technologies and be deployed in any environment, allowing our technology partners to better serve their customers. We also intend to cultivate and leverage channel and alliance partners, including cloud providers, to grow our market presence and drive greater sales efficiency.

Customers

As of December 31, 2023, we had a global customer base of approximately 7,400 organizations across all industries and sizes, including approximately 83% of Fortune 100 organizations.

As of December 31, 2023, 886 of our customers had ARR of $100,000 or more, increasing from 736 customers as of December 31, 2022, accounting for 68% and 62% of our ARR, respectively. We had 37 customers with ARR of at least $1.0 million as of December 31, 2023, increasing from 19 customers as of December 31, 2022. For the year ended December 31, 2023, our 10 largest customers represented approximately 7% of our total revenue and no single customer accounted for more than 1% of our total revenue. For the year ended December 31, 2023, approximately 38% of our revenue was generated from customers outside of the United States. All references to our customers included in this Annual Report refer to paying customers.

Technology

Our proprietary technology, fueled by our optimized database architecture, enables best-in-class reliability, scalability, and performance.

Our technology includes the following key attributes:

Universal package management. The center of our platform, JFrog Artifactory, stores software packages and manages the metadata from major package technologies, including Docker, OCI, Debian, RPM, Go, Helm, Kubernetes, NPM, NuGet, Python, Java and Rust. Our platform is designed to quickly and seamlessly add support for new package technologies as they arise, ensuring a comprehensive view of an organization’s software supply chain.
Curated public repositories. JFrog Artifactory automatically queries third-party repositories and allows organizations to exert choice and governance in the software packages they cache. This enables our customers to better maintain control and security via the blacklisting or whitelisting of certain components.
Rich metadata. Every package in JFrog Artifactory is stored and referenced using metadata, including dependencies, author, and date modified. We utilize our proprietary technology to store and index metadata, allowing it to be queried for multiple uses such as package promotion, tagging, security, and more, which enables automation. This metadata is critical for organizations meeting new strict software bill of materials requirements.
Checksum-based storage. A checksum is a sequence of numbers and letters that serves as a “digital fingerprint.” Each package has a unique checksum that is stored as a file and referenced by JFrog Artifactory, significantly reducing the amount of data needed within JFrog Artifactory or when copying software packages to remote sites or replicating repositories, making it substantially faster than traditional approaches.
High Availability. Our High Availability configuration allows multiple JFrog product nodes to be deployed as a redundant cluster to reduce reliance on any single node, ensuring that there can be no single-point-of-failure. Importantly, our High Availability configuration allows customers to update our products with the latest versions with little to no downtime, as each node is updated one at a time.
Enterprise-class security and compliance. Organizations can use our platform to help manage the integrity of software being deployed by digitally signing packages and binary files. Groups, API tokens, users, and other characteristics can all be managed from various points within multiple data centers, alongside real-time access replication.
Advanced security scanners. Scanners that analyze the actual exploit risk of a vulnerability, in-context, based on the environment under which it exists and minimize security "noise" for developers so that they can focus on fixing the impactful

12


issues. Scanners include Contextual Analysis, Service and Application Exposures, SAST, IaC Analysis and Secrets Detection.
Package Admission Filtering. JFrog Curation acts as a firewall for open source and third party packages coming from public repositories. By using JFrog Catalog as a database of open source packages and their advanced metadata, Curation applies policies to govern the admission of new package versions into the company’s repositories.
Hierarchical graph of software packages. By tracking against a database of known vulnerabilities, our platform provides continuous security and analysis of software packages in the development environment, making it less likely for vulnerable components to reach production.
Easy user plugins. User plugins allow customers to extend the functionality of our products with the JFrog Artifactory REST API, providing a simple way to add functionality, including scheduling tasks, managing security and authentication, license compliance, open source governance, package resolution and deployment, build integration, promotion logic, maintenance, and clean up.
Global federation of repositories. The ability to have bi-directional content synchronization across multi-site, globally distributed repositories, used for disaster recovery and geo-location transparency.
Scalable peer-to-peer based distribution. To accommodate network traffic bursts when deploying a new software version for thousands of clients concurrently across geographies, overcoming slow or unreliable network connectivity.
Smart IoT updates. Lightweight agent that sits on Linux-based IoT devices and facilitates the orchestration of device software updates in an outbound-only network and includes out-of-the-box integration with our Software Supply Chain Platform, providing validation that update bundles are secure and automatically received.
Device Remote Access & Control. Ability to connect remotely to services on an edge device using port-mapping or to create a secure shell to devices for debugging and inspection.

Marketing and Sales

Marketing

JFrog’s marketing approach is a dual-pronged effort to both enable and empower users in a bottoms-up motion, as well as enterprise level or “top-down” approach for broad platform adoption at a strategic company level. Our community-focused approach to marketing prioritizes increasing the effectiveness of software developers, security teams, AI/ML engineers, data scientists and IT operators. We empower these technologies to release software faster and more securely, and in the process create champions of our products who are well-positioned to demonstrate the value of JFrog to their broader organizations. These communities can easily engage with our products through free trials and open source software before deciding to use them on a paid basis. We believe this approach gives us a competitive advantage, as technical communities have become integral in spreading awareness of our brand, expanding use cases, and promoting the adoption of our platform in the overall organization. As a result, the value we bring to software developers and IT operators organically drives demand, as increased awareness, knowledge sharing, and adoption leads to greater exposure to the other features and products in our user interface.

Our enterprise-level and field marketing functions support our strategic sales team, providing an account-based approach to drive expansion of JFrog solutions amongst our largest customers and prospects. Additionally, we engage with prospective end-users through user-centered events, including JFrog swampUP, our annual, global DevOps and user conference, hands-on training events, persona-driven events, and co-marketing activities with technology partners and large cloud platforms.

Sales

Flexible self-service, inbound and strategic enterprise sales approaches make it easy for customers to try, adopt, and use our products in a way most advantageous for them, creating a highly efficient sales motion. Our customers can start with an open source version of JFrog Artifactory, free trial subscription options, or land directly with one of our paid subscription tiers. Our open source and free trial options provide low-friction entry points for customers, who often upgrade to paid and higher-tiered subscriptions as they increase their usage of our products through the identification of new use cases, the need for additional functionality, or the adoption of our products by new teams or in new geographies. Once a user has decided to use our products

13


beyond what is available in open source or at the end of a free trial, they can upgrade to one of our paid subscriptions, which are priced based on number of servers or consumption to align the value we deliver with our customers’ needs as they scale.

Our customer success teams are focused on enabling organizations to realize the full benefits of our platform by helping them advance DevSecOps practices and promoting the adoption of additional products and more advanced functionality of our platform. We intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog within our largest customers.

Competition

The worldwide DevOps and DevSecOps markets are rapidly evolving. We compete on the basis of a number of factors, including:

ability to provide an end-to-end, unified platform for the DevOps and DevSecOps workflows;
ability to provide security solutions across software developers and enterprise workflows;
ability to provide machine learning operation solutions across enterprise workflows;
breadth of technologies we support;
breadth of technology integrations;
total cost of ownership;
extensibility across organizations, including software developers, security teams, AI/ML engineers, data scientists, and IT managers;
ability to enable collaboration between software developers, security teams, and IT operators;
ability to deploy our products in any combination of cloud, multi-cloud or on-premises environments;
performance, security, scalability, and reliability in tandem;
quality of customer experience and satisfaction;
quality of customer support;
ease of implementation and use; and
brand recognition and reputation.

Our products are available for self-managed, software-as-a-service (“SaaS”), multi-cloud, and hybrid deployments. While we believe we compete successfully on the above factors, particularly with regards to the comprehensive nature of our solutions, we do experience competition in each of these categories with different vendors:

Home grown solutions. Over time, many companies built solutions in-house for specific use cases they uniquely required. Often, these solutions do not scale or were not designed to meet the needs of modern software delivery methodologies or technologies.
DevOps and developer-focused vendors. Many companies address only certain parts of the DevOps cycle and may compete with a limited set of JFrog offerings, including Microsoft’s GitHub, GitLab, Inc., Cloudsmith and Sonatype.
Cloud providers. While also partners, cloud providers, such as Amazon Web Services (AWS), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality.

14


Security point solutions. Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype and Synopsys.
Diversified vendors. Some diversified technology companies, such as IBM, Inc. (including Red Hat), Pivotal Software and VMware, Inc. (now Broadcom Inc.) may have offerings that compete with certain JFrog products.

Additionally, we may compete with start-up and open source technologies across the categories described above. Many of our competitors have greater financial, technical, and other resources, greater brand recognition, larger sales forces and marketing budgets, broader distribution networks, diverse product and services offerings, and larger and more mature intellectual property portfolios. They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing our offerings. Furthermore, we expect that our industry will continue to attract new investments, including smaller emerging companies, which could introduce new offerings. We may also expand into new technology or geographical markets and encounter additional competitors in such markets.

Research and Development

Our research and development organization is responsible for the design, development, testing, and delivery of new technologies, features, and integrations of our platform, as well as the continued improvement and iteration of our existing products. Our most significant investments in research and development are to drive core technology innovation and bring new products to market. Research and development employees are located primarily in our Israel and India offices.

Our research and development team consists of our architects, software engineers, security experts, DevOps engineers, product management, quality assurance, and data collection teams. We intend to continue to invest in our research and development capabilities to extend our platform and products.

Intellectual Property

Our success depends in part on our ability to protect our intellectual property. We rely on a combination of copyrights and trade secret laws, confidentiality procedures, employment agreements, license agreements, invention assignment agreements, trademarks, and patents to establish and protect our intellectual property rights, including our proprietary technology, software, know-how, and brand.

As of December 31, 2023, we hold a number of active patents and have filed patent applications both in the U.S. and in other countries. We cannot assure you whether any of our patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims. Any of our patents issued in the future may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. In addition, we have international operations and intend to continue to expand these operations, and effective patent, copyright, trademark, and trade secret protection may not be available or may be limited in foreign countries.

Although we rely on intellectual property rights, including trade secrets, patents, copyrights, and trademarks, as well as contractual protections to establish and protect our proprietary rights, we believe that factors such as the technological and creative skills of our personnel, creation of new modules, features and functionality, and frequent enhancements to our platform are more essential to establishing and maintaining our technology leadership position.

We control access to, and use of, our proprietary technology and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers, and partners, and our software is protected by U.S. and international copyright and trade secret laws. We require our employees, consultants, and other third parties to enter into confidentiality and proprietary rights agreements and control access to software, documentation, and other proprietary information. Our policy is to require employees and independent contractors to sign agreements assigning to us any inventions, trade secrets, works of authorship, developments, and other processes generated by them on our behalf and agreeing to protect our confidential information. In addition, we generally enter into confidentiality agreements with our customers and partners. See the section titled “Risk Factors” for a more comprehensive description of risks related to our intellectual property.

Government Regulations

Our business activities are subject to various federal, state, local and international laws, rules and regulations. For example, we are subject to numerous laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other data. In

15


addition, in some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce, and our activities may be subject to certain trade and economic sanctions. Any failure or perceived failure to comply with laws and regulations that currently apply or become applicable to our business in Israel, the United States and internationally could have an adverse effect on our business and results of operations. Compliance with these laws, rules and regulations has not had, and is not expected to have, a material effect on our capital expenditures, results of operations and competitive position as compared to prior periods. For additional information about government regulation applicable to our business, see Part I, Item 1A, "Risk Factors" in this Annual Report on Form 10-K.

Employees and Human Capital

Our Board of Directors and its committees share oversight of our human capital management strategy. The Nominating and Corporate Governance Committee has oversight of our approach to human capital and inclusion and diversity as part of its broader oversight of our Environmental, Social, and Governance strategy and initiatives. We annually conduct talent reviews and succession planning and the Board of Directors receives updates from senior management regarding succession planning, management talent assessment, and employee attrition. The Audit Committee reviews with management our ethics and compliance programs for human capital and workplace-related issues. The Compensation Committee provides oversight of our overall compensation philosophy, policies and programs, and their respective alignment with our human capital strategy.

As of December 31, 2023, we had a total of approximately 1,400 employees globally, including approximately 750 employees located in Israel and approximately 350 employees in the United States. None of our employees are represented by labor unions or, except for our employees in France and Spain, covered by collective bargaining agreements.

Our Culture

Our core values are reflected in our CODEX, which was created by our employees. We emphasize these values through formal and informal training. Each year we conduct a CODEX employee engagement survey asking for employee feedback to better understand our strengths and weaknesses and assess the alignment of the CODEX with the needs of our company. Based on the results of our annual employee surveys, we believe the CODEX will continue to support our growth and success moving forward:

Integrity. We subscribe to presenting the truth, honestly, even if it’s subjective, in order to achieve mutual well-being and transparency. We might make mistakes, but we always play fair.
Community and Customer Happiness. As pain solvers focused on the solution and not on the problem, we invest time and effort to build and develop strategic, long-term relationships to ensure happiness among our community and customers.
Thinking BIG. We encourage our employees to stretch their capabilities, knowing that while we think outside the box, every detail counts.
Everyone Counts Everyone Matters. Each and every employee has a significant and driving impact on the success of JFrog. Everyone has a voice and everyone’s thoughts and ideas matter.
Innovation. We strive for technological excellence and innovation, stepping outside our comfort zone to achieve more and support market needs.
Team Spirit. We foster an atmosphere of genuine teamwork and believe in the importance of mutual trust, joint effort, and collaboration to ensure our collective success.
Open Communication. Anyone can approach everyone about anything at any time regardless of rank or affiliation.
Agility. We believe change is an opportunity; an agile mindset leads us to better results in a rapidly changing environment.
WIN! We believe that with a “good enough” mindset, we will never achieve greatness.
Care. We care more; it’s the source of our “better-ness.”

16


Recruiting, Training and Development

Our human capital objectives include, as applicable, identifying, recruiting, retaining, incentivizing and integrating our existing and new employees and consultants. We attract new employees by advertising on our JFrog careers website, as well as leveraging our employee referral program. In order to meet our professional development objectives, we have implemented several formal and informal cross-company training programs to train new managers and employees with the skills to embark on a successful career at JFrog. In addition to annual performance reviews and merit-based compensation, we also encourage employees and their managers to maintain an open dialogue on progress throughout the year. Moreover, we focus on providing each employee an individualized career path and professional development opportunities.

Diversity, Inclusion and Equity (“DEI”)

We recognize and view equality as key to our success. We strive to foster a culture of diversity and inclusion so that all of our employees feel they are respected and treated equally, regardless of gender, race, ethnicity, age, disability, sexual orientation, gender identity, cultural background or religious belief. We emphasize this principle in our CODEX value “Everyone Counts Everyone Matters” and aim to provide our employees a diverse, equitable, and inclusive work environment.

We continue to support DEI-focused hiring and mandatory DEI training for all employees. For example, our workforce is diverse both in ethnicity and gender, including and up to the highest level of management, where three of our 9-member board and four of our 12-member executive management team are women.

Compensation and Benefits

Our compensation policy is designed to attract, retain and reward personnel. In addition to competitive base salaries and other cash compensation, we offer equity incentive plans that align the interest of our employees with our shareholders by motivating individuals to perform to the best of their abilities and achieve our business objectives, driving the success of our company and increasing shareholder value.

Workforce Health and Safety

In addition to traditional employee benefits, we have implemented a number of initiatives to support the well-being, safety and health of our employees. We provide comprehensive health insurance that includes medical, dental, vision, and prescription drug coverage, along with many other benefits such as wellness and fitness membership reimbursement programs. Additionally, we are committed to workplace safety and security through office maintenance, employee training, and emergency protocols.

Corporate Information

We were incorporated under the laws of the State of Israel on April 28, 2008. We are registered with the Registrar of Companies under the company number 514130491. Our main place of business in the United States is located at 270 E. Caribbean Drive, Sunnyvale, California 94089. Our telephone number at this address is (408) 329-1540. Our registered office is located at 3 HaMahshev Street, Netanya, 4250465, Israel. Our telephone number at this address is + 972 (9)-894-1444. Our agent for service of process in the United States is JFrog, Inc.

“JFrog,” our logo, and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report on Form 10-K are the property of JFrog Ltd. Other trademarks and trade names referred to in this Annual Report on Form 10-K are the property of their respective owners.

Available Information

Our website address is https://www.jfrog.com, our investor relations website is https://investors.jfrog.com, our blog https://www.jfrog.com/blog and our Twitter account is @JFrog. We have used, and intend to continue to use, our website, investor relations website, our blog and Twitter accounts as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD. The following filings are available through our investor relations website after we file them with the SEC: Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, current reports on Form 8-K, and our Proxy Statement for our annual meeting of shareholders. These filings are also available for download free of charge on our investor relations website. The SEC also maintains an Internet website that contains reports, proxy statements and other information about issuers, like us, that file electronically with the SEC. The address of that website is https://www.sec.gov.

17


We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations website. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events, press and earnings releases, and blogs as part of our investor relations website. Further corporate governance information, including our corporate governance guidelines, code of business conduct and ethics, and committee charters is also available on our investor relations website. Information contained on, or that can be accessed through, the websites provided does not constitute part of this Annual Report on Form 10-K or in any other report or document we file with the SEC, and inclusions of website addresses in this Annual Report on Form 10-K are inactive textual references only.

Item 1A. Risk Factors

Investing in our ordinary shares involves a high degree of risk. A description of the risks and uncertainties associated with our business and ownership of our ordinary shares is set forth below. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Result of Operations” and our audited consolidated financial statements and the related notes thereto, before making a decision to invest in our ordinary shares. The risks and uncertainties described below are not the only ones we face. Our business, results of operations, financial condition, or prospects could also be harmed by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks actually occur, our business, results of operations, financial condition, and prospects could be materially and adversely affected. In that event, the market price of our ordinary shares could decline and you could lose all or part of your investment.

Summary of Risk Factors

Investing in our ordinary shares involves a high degree of risk because our business is subject to numerous risks and uncertainties, including those outside of our control that could cause our actual results to be harmed, including, but not limited to, risks regarding the following:

Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems, processes, and controls, our business, financial condition, results of operations, and prospects will be adversely affected.
Our recent growth may not be indicative of our future growth, and we may not be able to sustain our revenue growth rate in the future. Our growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
We have a history of losses and may not be able to achieve profitability on a consistent basis. If we cannot achieve profitability, our business, financial condition, and results of operations may suffer.
The markets for our products are new, unproven, and evolving and may develop more slowly or differently than we expect. Our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.
Our results of operations are likely to fluctuate from quarter to quarter, which could adversely affect the trading price of our ordinary shares.
If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.
The market for our products is nascent and highly fragmented, and we may not be able to compete successfully against current and future competitors, some of whom have greater financial, technical, and other resources than we do. If we do not compete successfully our business, financial condition, and results of operations could be harmed.
JFrog Artifactory is at the center of our platform and any decline in demand for JFrog Artifactory occasioned by malfunction, inferior performance, increased competition or otherwise, will impact our business, results of operations, and financial condition.

18


We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales are not immediately reflected in full in our results of operations.
A real or perceived defect, security vulnerability, error, or performance failure in our software could cause us to lose revenue, damage our reputation, and expose us to liability.
Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on consumer and business spending, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business.
We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.
We are subject to stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security. Our actual or perceived failure to comply with such obligations could harm our business.
A breach of our security measures or unauthorized access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities.
Our international operations and expansion expose us to risks.
Your rights and responsibilities as our shareholder are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations.
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
The impact of the war between Israel and Hamas, the war between Russia and Ukraine, and other areas of geopolitical tension around the world, including the related global economic disruptions, remains uncertain at this time, and could harm or continue to harm our business and results of operations.

Risks Related to Our Business and Industry

Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems, processes and controls, our business, financial condition, results of operations, and prospects will be adversely affected.

We have experienced rapid growth and increased demand for our products. Our total number of customers has grown to approximately 7,400 organizations as of December 31, 2023 from approximately 7,200 organizations as of December 31, 2022. Our employee headcount has also increased from approximately 1,300 as of December 31, 2022 to approximately 1,400 as of December 31, 2023. We expect to continue to grow our headcount over the next year. The growth and expansion of our business places a continuous significant strain on our management, operational, and financial resources. In addition, as customers adopt our products for an increasing number of use cases, we have had to support more complex commercial relationships. We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, and our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively.

In 2023, we released Artifactory and Platform features to become a system of record for machine learning models that fuel AI innovations in the software supply chain, enhancements to JFrog Advanced Security including SAST, and a new security product, JFrog Curation. These enhancements and releases represent an expansion beyond our core developer/operations (DevOps) business, delving more deeply into software security (DevSecOps) and MLOps. We may not be able to sustain the pace of improvements to our products successfully or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses.

19


As we expand our business and continue operating as a public company, we may find it difficult to maintain our corporate culture while managing our employee growth. Any failure to manage our anticipated growth and related organizational changes in a manner that preserves our culture could negatively impact future growth and achievement of our business objectives. Additionally, our productivity and the quality of our products may be adversely affected if we do not integrate and train our new employees quickly and effectively. Failure to manage any future growth effectively could result in increased costs, negatively affect our customers’ satisfaction with our products and harm our results of operations.

Our recent growth may not be indicative of our future growth, and we may not be able to sustain our revenue growth rate in the future. Our growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.

Our total revenues for the years ended December 31, 2023, 2022 and 2021 were $349.9 million, $280.0 million and $206.7 million, respectively, representing a growth rate of 25% and 35% for the years ended December 31, 2023 and 2022, respectively. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect our revenue growth rate to decline in future periods. For example, we experienced slowed growth during the COVID-19 pandemic. Many factors may contribute to declines in our growth rate, including greater market penetration, increased competition, slowing demand for our platform, a failure by us to continue capitalizing on growth opportunities, the maturation of our business, and global economic downturn, among others. If our growth rate declines, investors’ perceptions of our business and the market price of our ordinary shares could be adversely affected.

In addition, our rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business would be harmed. Moreover, if the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market, or we are unable to maintain consistent revenue or revenue growth, our share price could be volatile, and it may be difficult to achieve and maintain profitability.

We have a history of losses and may not be able to achieve profitability on a consistent basis. If we cannot achieve profitability, our business, financial condition, and results of operations may suffer.

Although we have achieved positive operating cash flow and free cash flow, we have incurred losses in all years since our incorporation. We incurred a net loss of $61.3 million, $90.2 million and $64.2 million in the years ended December 31, 2023, 2022 and 2021, respectively. As a result, we had an accumulated deficit of $290.4 million as of December 31, 2023. We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including building a customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, and continuing to develop our technology. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or increasing competition. Any failure to increase our revenue as we grow our business could prevent us from achieving profitability or maintaining positive operating cash flow and free cash flow at all or on a consistent basis, which would cause our business, financial condition, and results of operations to suffer.

The markets for our products are new, unproven, and evolving and may develop more slowly or differently than we expect. Our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.

The markets for our products are relatively new, rapidly evolving, and unproven. Accordingly, it is difficult to predict customer adoption and renewals and demand for our platform and our products, the entry of competitive products, the success of existing competitive products, or the future growth rate, expansion, longevity, and the size of the DevOps, DevSecOps, MLOps, and software release management software markets. The expansion of and our ability to penetrate, these new and evolving markets depends on a number of factors, including: the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security. If we or other software and SaaS providers experience security incidents, loss of customer data, or disruptions in delivery or service, the market for these applications as a whole, including our platform and products may be negatively affected. If DevOps, DevSecOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology spending or otherwise, the market for our platform and products might not

20


continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations.

Our results of operations are likely to fluctuate from quarter to quarter, which could adversely affect the trading price of our ordinary shares.

Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, cash flow, and deferred revenue, have fluctuated from quarter to quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful. Accordingly, our financial results in any one quarter should not be relied upon as indicative of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, may be difficult to predict, and may or may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include:

general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation;
our ability to attract and retain new customers;
the loss of existing customers;
renewals and timing of renewals;
customer usage of our products;
customer satisfaction with our products and platform capabilities and customer support;
our ability to expand sales within our existing customers;
mergers and acquisitions that might affect our customer base including the consolidation of affiliates’ multiple paid business accounts into a single paid business account;
our ability to gain new partners and retain existing partners;
our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers;
increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements;
fluctuations in share-based compensation expense;
decisions by potential customers to purchase alternative solutions;
decisions by potential customers to develop in-house DevOps and DevSecOps technologies as alternatives to our products;
the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources;
network outages;
actual or perceived breaches of, or failures relating to, privacy, data protection, or data security;
the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies;
the impact of political uncertainty or unrest, including the Russia-Ukraine war, and the Israel-Hamas war, other areas of geopolitical tension around the world, or the worsening of that conflict or tensions and the related global economic disruptions;
changes in our pricing policies or those of our competitors;

21


fluctuations in the growth rate of the overall market that our products address;
the budgeting cycles and purchasing practices of customers;
the business strengths or weakness of our customers;
our ability to collect timely on invoices or receivables;
the cost and potential outcomes of future litigation or other disputes;
future accounting pronouncements or changes in our accounting policies;
our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments;
our ability to successfully expand our business in the U.S. and internationally;
fluctuations in the mix of our revenue between self-managed subscriptions and SaaS subscriptions;
fluctuations in foreign currency exchange rates; and
the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers or partners.

The impact of one or more of the foregoing or other factors may cause our results of operations to vary significantly. Such fluctuations could cause us to fail to meet the expectations of investors or securities analysts, which could cause the trading price of our ordinary shares to fall substantially, and we could face costly lawsuits, including securities class action suits.

If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.

In order to provide value for our customers, we must offer products that allow our customers to compile software from source code repositories, manage the dependencies among components within software packages, move packages and ML models to a universal repository, ingest packages from third parties, including open source libraries, scan for vulnerabilities through various stages, distribute to endpoints, and deploy in production, all through a single user access point. The success of any new product introductions depends on a number of factors including, but not limited to, timely and successful product development, market acceptance, the quality of our product and the user experience, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with anticipated demand for new products, and the availability of newly developed products. We have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our products until the next upgrade is released or switch to a competitor if we are not able to keep up with technological developments. For example, AI and machine learning may change the way our industry operates, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage. In addition, if defects are not discovered until after customers purchase our products, our customers could lose confidence in the quality of our products and our reputation and brand may be harmed. If significant bugs, errors, or other defects or deficiencies are not discovered and patched in a timely manner, unauthorized parties could gain access to such products. Any negative publicity related to the perceived quality of our products could harm our business, results of operations, and financial condition.

To keep pace with technological and competitive developments we have in the past invested, and may continue to invest, in the acquisition of complementary businesses, technologies, services, products, and other assets that expand the products that we can offer our customers. For example, in 2021, we acquired Vdoo Connected Trust Ltd. (“Vdoo”), a privately-held security company, and Upswift Ltd. (“Upswift”), a cloud-based platform company and creator of connected device management software for developers. We may make these investments without being certain that they will result in products or enhancements that will be accepted by existing or prospective customers or that will achieve market acceptance. If we are unable to successfully enhance our existing products to meet evolving customer requirements, increase adoption and use cases of our products, develop new

22


products, quickly resolve security vulnerabilities, or if our efforts to increase the use cases of our products are more expensive than we expect, then our business, results of operations and financial condition would be adversely affected.

Our business and success depend in part on our strategic relationships with third parties, including our third-party hosting providers and our partner ecosystem, and if we fail to maintain or expand these relationships, our results of operations and reputation could be harmed.

We currently depend on, and anticipate we will continue to depend on, various third-party relationships to sustain and grow our business. For example, we currently partner with third-party public cloud partners, such as Amazon Web Services (AWS), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, who provide our services through their marketplaces. Our technology partnership ecosystem powers significant extensibility of our products, offers our customers the ability to use external tools of their choice with our products, provides the ability to deploy our products in their preferred environments, and allows them to support new package technologies as they are released. Accordingly, our SaaS products must be compatible with major cloud service providers in order to support local hosting of our JFrog-managed products in geographies chosen by our customers and third parties with whom we may partner.

We have also established relationships with certain channel partners to distribute our products. We believe that continued growth in our business is dependent upon identifying, developing and maintaining strategic relationships with our existing and potential channel partners that can drive substantial revenue and provide additional value added services to our customers. If we are unable to develop and maintain successful relationships with our channel partners, our business, results of operations, and financial condition could be harmed. In addition, our agreements with our channel partners are non-exclusive, so they may offer customers the products of several different companies, including products that compete with ours.

It is uncertain whether these third parties will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders, or whether they will continue to work with us long-term. Changes in our relationship with any third-party partner or third-party provider, the instability or vulnerability of any third-party technology, or the inability of our products to successfully integrate with third-party technology may adversely affect our business and results of operations.

While also partners, public cloud providers may compete with a subset of JFrog functionality and we may also face competition from them. For example, third-party hosting providers currently selling our products and services could build and market their own competing products and services or market competing products and services of other vendors.

Further, identifying and negotiating new and expanded partner relationships requires significant resources and we cannot guarantee that the parties with which we currently have relationships can or will continue to devote the resources necessary to operate and expand their use of our platform. If we are unsuccessful in establishing or maintaining our partner relationships or any other strategic relationships with third parties, our ability to compete, our revenue, results of operations, and future prospects could be harmed.

Even if we are successful in establishing and maintaining our relationships with third-parties, we cannot ensure that our relationships will result in sustained or increased usage of our platform. In addition, any failure of our solutions to operate effectively with the business applications of any third-party partners could reduce the demand for our solutions and cause harm our business and reputation. We may also be held responsible for obligations that arise from the actions or omissions of third parties with which we do business. Further, any expansion into new geographies may require us to integrate our products with new third-party technology and invest in developing new relationships with providers. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive, or obsolete and our results of operations may be negatively impacted.

A limited-functionality version of JFrog Artifactory is licensed under an open source license, which could negatively affect our ability to monetize our products and protect our intellectual property rights.

We make a limited-functionality version of JFrog Artifactory that only supports Java-based packages, and also lacks other features required for organization-wide adoption by DevOps teams, available under an open source license, the Affero General Public License version 3.0 (“AGPL”). The AGPL grants licensees broad freedom to view, use, copy, modify, and redistribute the source code of this limited version of JFrog Artifactory. Anyone can download a free copy of this limited version of JFrog Artifactory from the Internet, and we neither know who all of our AGPL licensees are, nor have visibility into how JFrog Artifactory is being used by licensees, so our ability to detect violations of the open source license is extremely limited.

23


The AGPL has a “copyleft” requirement that further distribution of AGPL-licensed software and modifications or adaptations to that software be made available pursuant to the AGPL as well. This leads some commercial enterprises to consider AGPL-licensed software to be unsuitable for commercial use. However, the AGPL would not prevent a commercial licensee from taking this open source version of JFrog Artifactory under AGPL and using it for internal purposes for free. AGPL also would not prevent a commercial licensee from taking this open source version of JFrog Artifactory under AGPL and using it to compete in our markets by providing it for free.

This competition can develop without the degree of overhead and lead time required by traditional proprietary software companies, due to the permissions allowed under AGPL. It is also possible for competitors to develop their own software based on our open source version of JFrog Artifactory. Although this software would also need to be made available for free under the AGPL, it could reduce the demand for our products and put pricing pressure on our subscriptions. We cannot guarantee that we will be able to compete successfully against current and future competitors, some of which may have greater resources than we have, or that competitive pressure or the availability of new open source software will not result in price reductions, reduced operating margins, and loss of market share, any one of which could harm our business, financial condition, results of operations, and cash flows.

The market for our products is nascent and highly fragmented, and we may not be able to compete successfully against current and future competitors, some of whom have greater financial, technical, and other resources than we do. If we do not compete successfully our business, financial condition, and results of operations could be harmed.

Our platform consists of multiple products in DevOps and DevSecOps, and we compete in each product category as well as the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology. We believe that our ability to compete successfully depends upon many factors both within and beyond our control, including the following:

ability to provide an end-to-end, unified platform solution for the DevOps and DevSecOps workflows;
ability to provide updated security products to create and maintain trusted software releases;
breadth of technologies we support;
breadth of technology integrations;
total cost of ownership;
extensibility across organizations, including software developers, security teams, AI/ML engineers, data scientists, and IT operators;
ability to enable collaboration between software developers, security teams, and IT operators;
ability to deploy our products in any combination of cloud, multi-cloud, on-premise, or hybrid environments;
performance, security, scalability, and reliability;
quality of customer experience and satisfaction;
quality of customer support;
ease of implementation and use; and
brand recognition and reputation.

Our products are available for self-managed, SaaS, and hybrid deployments. While we believe we compete successfully on the above factors, particularly with regards to the comprehensive nature of our solutions, we do experience competition in each of these categories with different vendors:

24


Home grown solutions. Over time, many companies built solutions in-house for specific use cases they uniquely required. Often, these solutions do not scale or were not designed to meet the needs of modern software delivery methodologies or technologies.
DevOps and developer-focused vendors. Many companies address only certain parts of the DevOps cycle and may compete with a limited set of JFrog offerings, including Microsoft’s GitHub, GitLab, Inc., Cloudsmith and Sonatype.
Cloud providers. While also partners, cloud providers, such as Amazon Web Services (AWS), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality.
Security point solutions. Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype and Synopsys.
Diversified vendors. Some diversified technology companies, such as IBM, Inc. (including Red Hat), Pivotal Software and VMware, Inc. (now Broadcom Inc.) may have offerings that compete with certain JFrog products.

Additionally, we compete with home-grown, start-up, and open source technologies across the categories described above. Many of our competitors have greater financial, technical, and other resources, greater brand recognition, larger sales forces and marketing budgets, broader distribution networks, more diverse product and services offerings, and larger and more mature intellectual property portfolios. They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing our offerings. Furthermore, we expect that our industry will continue to attract new companies, including smaller emerging companies, which could introduce new offerings. We may also expand into new markets and encounter additional competitors in such markets.

JFrog Artifactory is at the center of our platform and any decline in demand for JFrog Artifactory occasioned by malfunction, inferior performance, increased competition or otherwise, will impact our business, results of operations and financial condition.

Our subscription structure is aligned with the way we have built our platform, and JFrog Artifactory is at the center of our platform and all subscriptions. Accordingly, market acceptance of JFrog Artifactory is critical to our success. If demand for JFrog Artifactory declines, the demand for our other products will also decline. Demand for JFrog Artifactory is affected by a number of factors, many of which are beyond our control, such as continued market acceptance of JFrog Artifactory and products by customers for existing and new use cases, the timing of development and release of new features, functionality, and lower cost alternatives introduced by our competitors, technological changes and developments within the markets we serve, and growth or contraction in our addressable markets. If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed.

If we are unable to increase sales of our subscriptions to new customers, sell additional subscriptions to our existing customers, or expand the value of our existing customers’ subscriptions, our future revenue and results of operations will be harmed.

Our future success depends on our ability to sell our subscriptions to new customers and to expand within our existing customers by selling paid subscriptions to our existing users and expanding the value and number of existing customers’ subscriptions within the organization. Our ability to sell new subscriptions depends on a number of factors, including the prices of our products, the functionality of our products, the prices of products offered by our competitors, and the budgets of our customers. We serve customer needs with multiple tiers of subscriptions that differ based on product depth and functionality. We also offer a limited free trial of our platform. To the extent that users of our free trial do not become, or lead others not to become, paying customers, we will not realize the intended benefits of these strategies, our expenses may increase as a result of associated hosting costs, and our ability to grow our business may be harmed.

We also offer an open source version of JFrog Artifactory. Our open source version is intended to increase visibility and familiarity of our platform among the developer communities. We invest in developers and developer communities through multiple channels, including the introduction of new open source projects, as well as through our annual developer conference, swampUP, and other community-centered events. There is no guarantee that such events will translate into new customers, or that open source users will convert to paying subscribers.

25


In addition, a significant aspect of our sales and marketing focus is to expand deployments within existing customers. The rate at which our customers purchase additional subscriptions and expand the value of existing subscriptions depends on a number of factors, including customers’ level of satisfaction with our products, the nature and size of the deployments, the desire to address additional use cases, and the perceived need for additional features, as well as general economic conditions. We have experienced in the past and expect in the future that recessionary concerns and other unfavorable economic conditions will negatively impact our ability to expand deployments within existing customers. If our customers do not recognize the potential of our products, our business would be materially and adversely affected.

Seasonality may cause fluctuations in our sales and results of operations.

Historically, we have experienced seasonality in customer bookings, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in the fourth quarter of the year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality will continue to affect our bookings, deferred revenue, and our results of operations in the future and might become more pronounced as we continue to target larger enterprise customers.

In addition, we have historically experienced seasonality in usage patterns by users of our SaaS subscriptions. We typically experience reduced usage by our customers during holiday periods, particularly at the end of the fourth quarter. As revenue from our SaaS subscriptions is recognized based upon usage, the changes in usage patterns may negatively affect revenues from our SaaS subscriptions and our results of operations.

If our existing customers do not renew their subscriptions, it could have an adverse effect on our business and results of operations.

We expect to derive a significant portion of our revenue from renewals of existing subscriptions. Our customers have no contractual obligation to renew their subscriptions after the completion of their subscription term. Our self-managed subscriptions are offered on an annual and multi-year basis, and SaaS subscriptions are offered on an annual basis, with the exception of certain SaaS subscriptions, which are also offered on a monthly basis. For our JFrog-managed products, we also offer subscriptions for committed usage amounts. Our customers’ renewals may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, the frequency and severity of product outages, our product uptime or latency, the pricing of our, or competing, products, additional new features and capabilities that we offer, new integrations, and updates to our products as a result of updates by technology partners. If our customers renew their subscriptions, they may renew for shorter subscription terms or on other terms that are less economically beneficial to us. Furthermore, our self-managed products are sold with perpetual or subscription licenses and we depend on the deployment of material updates to such products to drive renewals. If we do not provide material updates to these products, customers may not renew their existing subscriptions and may continue to use our products under the original license instead. We may not accurately predict future renewal trends. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may grow more slowly than expected or decline.

We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales are not immediately reflected in full in our results of operations.

We recognize a significant portion of our subscription revenue over the term of the relevant subscription period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions is not reflected in full in our results of operations until future periods.

A real or perceived defect, security vulnerability, error, or performance failure in our software could cause us to lose revenue, damage our reputation, and expose us to liability.

Our products are inherently complex and, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, especially when first introduced, or not perform as contemplated. These defects, security vulnerabilities, errors, or performance failures could cause damage to our reputation, loss of customers or revenue, order cancellations, service terminations, or lack of market acceptance of our software. As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our software fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our software to fix these defects,

26


errors or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems.

Any limitation of liability provisions that may be contained in our customer, user, third-party vendor, service provider, and partner agreements may not be enforceable or adequate or effective as a result of existing or future applicable law or unfavorable judicial decisions, and they may not function to limit our liability arising from regulatory enforcement. The sale and support of our products entail the risk of liability claims, which could be substantial in light of the use of our products in enterprise-wide environments. In addition, our insurance against this liability may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals. The denial of our claims by our insurer or the successful assertion of claims by others against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations and reputation.

Incorrect implementation or use of, or our customers’ failure to update, our software could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects.

Our products are often operated in large scale, complex IT environments. Our customers and some partners require training and experience in the proper use of and the benefits that can be derived from our products to maximize their potential. If users of our products do not implement, use, or update our products correctly or as intended, then inadequate performance and/or security vulnerabilities may result. Because our customers rely on our software to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our software or our failure to train customers on how to use our software productively has in the past and may in the future result in customer dissatisfaction, and negative publicity and may adversely affect our reputation and brand. Our failure to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, which would adversely affect our business and growth prospects.

Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.

We outsource substantially all of the infrastructure relating to our cloud products to third-party cloud providers chosen by our customers. Customers of our SaaS offerings need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. Third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions and any changes in their product offerings. Any limitation on the capacity of our third-party hosting services could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations. In addition, any incident affecting our third-party hosting services’ infrastructure that may be caused by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, terrorist or other attacks, protests or riots, and other similar events beyond our control could negatively affect our cloud-based and multi-cloud hybrid products. These risks may be heightened in connection with the war between Israel and Hamas, the war between Russia and Ukraine, and associated geopolitical tensions and regional instability. It is also possible that our customers and regulators would seek to hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure and we may incur significant liability in investigating such an incident and responding to any claims, investigations, or proceedings made or initiated by those customers, regulators, and other third parties. We may not be able to recover a material portion of such liabilities from any of our third-party cloud providers. It may also become increasingly difficult to maintain and improve our performance, especially during peak usage times, as our software becomes more complex and the usage of our software increases. Moreover, our insurance may not be adequate to cover such liability and may be subject to exclusions. Any of the above circumstances or events may harm our business, results of operations, and financial condition.

In addition, our website and internal technology infrastructure may experience performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions, capacity constraints, technical failures, natural disasters, or fraud or security attacks. Our use and distribution of open source software may increase this risk. If our website is unavailable or our users are unable to download our products or order subscriptions or services within a reasonable amount of time or at all, our business could be harmed. We expect to continue to make significant investments to maintain and improve website performance and to enable rapid releases of new features and applications for our products. To the extent that we do not effectively upgrade our systems as needed and continually develop our technology to accommodate actual and anticipated changes in technology, our business and results of operations may be harmed.

27


In the event that our service agreements with our third-party hosting services are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition, and results of operations.

We also rely on cloud technologies from third parties in order to operate critical functions of our business, including financial management services, relationship management services, and lead generation management services. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted, our processes for managing sales of our products and supporting our customers could be impaired, and our ability to generate and manage sales leads could be weakened until equivalent services, if available, are identified, obtained, and implemented, any of which could harm our business and results of operations.

We typically provide service-level commitments under our subscription agreements. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service or face subscription termination with refunds of prepaid amounts, which would lower our revenue and harm our business, financial condition, and results of operations.

Our subscription agreements typically contain service-level commitments. If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with service credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied. We could also face subscription terminations and a reduction in renewals, which could significantly affect both our current and future revenue. We offer multiple tiers of subscriptions to our products and as such our service-level commitments will increase if more customers choose subscriptions of JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus. Any service-level failures could also damage our reputation, which could also adversely affect our business, financial condition and results of operations.

We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain highly skilled employees could harm our business.

Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results of operations. Although we have entered into employment agreements with our key personnel, employment in the United States is for no specific duration and constitutes at-will employment. We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our products.

Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of senior management could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and results of operations.

Additionally, the industry in which we operate is generally characterized by significant competition for skilled personnel as well as high rates of employee attrition. There is currently a high demand for experienced DevSecOps professionals and we may not be successful in attracting, integrating or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product.

To execute our growth plan, we must attract and retain highly qualified personnel. Competition for these employees is intense, specifically for engineers for research and development, security experts, and support positions who are experienced in DevSecOps, and such competition often results in increasing wages, especially in Israel, where most of our research and development positions are located, and in the San Francisco Bay Area, where we have a significant presence. Therefore, we may not be successful in attracting and retaining qualified personnel. We have from time to time in the past experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. Our recent hires and planned hires may not become as productive as we expect, and we may be unable to hire, integrate or retain sufficient numbers of qualified individuals. Many of the companies with which we compete for experienced personnel have greater resources than we have and due to our profile and market position, such competitors actively seek to hire skilled personnel away from us, even if such employee has entered into a non-compete agreement. Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive activities of the former

28


employee will harm one of a limited number of material interests of the employer that have been recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property. We may not be able to make such a demonstration.

In addition, in making employment decisions, particularly in the internet and high-technology industries, job candidates often consider the value of the equity they are to receive in connection with their employment. Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly reduced in value. Many of our employees may receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us and could lead to employee attrition. If we fail to attract new personnel, or fail to retain and motivate our current personnel, our business and growth prospects could be harmed.

If we are not able to maintain and enhance our brand, especially among developers, security teams, and IT operators, our business and results of operations may be adversely affected.

We believe that developing and maintaining widespread awareness of our brand, especially with developers, security teams, and IT operators, is critical to achieving widespread acceptance of our software and attracting new users and customers. Brand promotion activities may not generate user or customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, we may fail to attract or retain users and customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our products.

Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and entrepreneurial spirit we have worked to foster, which could harm our business.

We believe that our culture has been and will continue to be a key contributor to our success. We expect to continue to hire as we expand. If we do not continue to maintain our corporate culture as we grow, we may be unable to foster the innovation, creativity, and entrepreneurial spirit we believe we need to support our growth. Our anticipated headcount growth and our continued operation as a public company may result in a change to our corporate culture, which could harm our business.

Our ability to achieve customer renewals and increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high quality support would have an adverse effect on our business, reputation, and results of operations.

Our customers depend on our customer support services to resolve issues and realize the full benefits relating to our products. If we do not succeed in helping our customers quickly resolve post-deployment issues or provide effective ongoing support and education on our products, our ability to sell additional subscriptions to, or renew subscriptions with, existing customers or expand the value of existing customers’ subscriptions would be adversely affected and our reputation with potential customers could be damaged. Many larger enterprise customers have more complex IT environments and require higher levels of support than smaller customers. If we fail to meet the requirements of these enterprise customers, it may be more difficult to grow sales with them.

Additionally, it can take several months to recruit, hire, and train qualified engineering-level customer support employees. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent that we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide adequate and timely support to our customers, and our customers’ satisfaction with our products, will be adversely affected. Our failure to provide and maintain high-quality support services would have an adverse effect on our business, reputation, and results of operations.

We currently primarily rely on an inbound sales model that may not continue to be as successful as we anticipate, and the absence of a large, direct, traditional sales function may impede the growth of our business.

We currently primarily rely on an inbound sales model that may not continue to be as successful as we anticipate, and the absence of a large, direct, traditional sales function may impede our future growth. We intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog within our largest customers. There is no guarantee however that this strategic sales team will be successful. Moreover, we are not able to predict whether the deployment of our strategic sales team may adversely affect our inbound sales model. If our efforts to sell subscriptions to new customers and to expand deployments with existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer.

29


Further, as we continue to scale our business, a more traditional sales infrastructure could assist in reaching larger enterprise customers and growing our revenue. Identifying, recruiting, and training such a qualified sales force would require significant time, expense and attention and would significantly impact our business model. We believe that there is significant competition for sales personnel, including sales representatives, sales managers, and sales engineers, with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity.

In addition, expanding our sales infrastructure would considerably change our cost structure and results of operations, and we may have to reduce other expenses, such as our research and development expenses, in order to accommodate a corresponding increase in marketing and sales expenses, and maintain positive operating cash flow and free cash flow. Moreover, recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, particularly if we continue to grow rapidly, a large percentage of our sales force will have relatively little experience working with us, our subscriptions and our business model. If our lack of a large, direct enterprise sales force limits us from reaching larger enterprise customers and growing our revenue and we are unable to hire, develop, and retain talented sales personnel in the future, our revenue growth and results of operations may be harmed.

The sales prices of our products may fluctuate or decline, which may reduce our revenue and gross profit and adversely affect our financial results.

The sales prices for our products may fluctuate or decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new products, or promotional programs. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse offerings may reduce the price of offerings that compete with ours or may bundle them with other offerings and provide for free. Additionally, currency fluctuations in certain countries and regions may negatively impact actual prices that customers and partners are willing to pay in those countries and regions. Any decrease in the sales prices for our products, without a corresponding decrease in costs or increase in volume, would adversely affect our revenue and gross profit. Revenue and gross profit would also be adversely affected by a shift in mix of our subscriptions from self-managed to our SaaS offerings, which have a lower gross margin. We cannot assure you that we will be able to maintain our prices and gross profits at levels that will allow us to achieve and maintain profitability.

Further, we have in the past, and expect in the future, to need to change our pricing model from time to time. While we do and will attempt to set prices based on our prior experiences and customer feedback, our assessments may not be accurate, and we could be underpricing or overpricing our products. In addition, if our subscriptions change, then we may need to revise our pricing strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations and financial condition. Pricing pressures and decisions could result in reduced sales, reduced margins, losses or the failure of our products to achieve or maintain more widespread market acceptance, any of which could negatively impact our overall business, results of operations and financial condition.

We expect our revenue mix to vary over time, which could harm our gross margin and results of operations.

We expect our revenue mix to vary over time due to a number of factors, including the mix of our subscriptions for self-managed and SaaS offerings, which may affect the timing and amount of revenue recognized and the associated costs. Further, our gross margins and results of operations could be harmed by numerous other factors, including entry into new markets or growth in lower margin markets; entry into markets with different pricing and cost structures; pricing discounts; and increased price competition. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and results of operations. This variability and unpredictability could result in our failure to meet internal expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our ordinary shares could decline.

The length of our sales cycle can be unpredictable, particularly with respect to sales to large customers, and our sales efforts may require considerable time and expense.

Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions and the difficulty in making short-term adjustments to our operating expenses. Our results of operations depend in part on sales to new large customers and increasing sales to existing customers. The length of our sales cycle, from initial contact from a prospective customer to contractually committing to our paid subscriptions can vary substantially from customer to customer based on deal complexity as well as whether a sale is made directly by us. It is difficult to predict exactly when, or even if, we

30


will make a sale to a potential customer or if we can increase sales to our existing customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. Because a substantial proportion of our expenses are relatively fixed in the short term, our results of operations will suffer if revenue falls below our expectations in a particular quarter, which could cause the price of our ordinary shares to decline.

Our relatively limited operating history makes it difficult to evaluate our current business and prospects and may increase the risks associated with your investment.

We were founded in 2008. Our relatively limited operating history makes it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in constantly evolving industries. If we do not address these risks successfully, our business and results of operations will be adversely affected, and the market price of our ordinary shares could decline.

Further, we have limited historical financial data and we operate in a rapidly evolving market. As such, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market.

We rely on traditional web search engines to direct traffic to our website. If our website fails to rank prominently in unpaid search results, traffic to our website could decline and our business would be adversely affected.

Our success depends in part on our ability to attract users through unpaid Internet search results on traditional web search engines such as Google. The number of users we attract to our website from search engines is due in large part to how and where our website ranks in unpaid search results. These rankings can be affected by a number of factors, many of which are not in our direct control, and they may change frequently. For example, a search engine may change its ranking algorithms, methodologies or design layouts. As a result, links to our website may not be sufficiently prominent to drive traffic to our website, and we may not know how or otherwise be in a position to influence the results. Any reduction in the number of users directed to our website could reduce our revenue or require us to increase our customer acquisition expenditures.

Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on consumer and business spending, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business.

Our operations and financial performance depend in part on global economic conditions and the impact of these conditions on levels of information technology spending and the willingness of our current and prospective customers to purchase our products. Adverse macroeconomic conditions, including inflation, slower growth or recession, bank failures or instability in the financial services sector, changes to fiscal and monetary policies, tighter credit, higher interest rates, and currency fluctuations, could adversely impact consumer and businesses confidence and spending and negatively affect demand for our products.

For example, we are currently operating in a period of economic uncertainty and the United States has experienced high levels of inflation and rising interest rates, which has led to increased costs of labor, capital, employee compensation and other similar effects. If unfavorable conditions in the national and global economy persist, or worsen, our current and potential customers’ operating costs will likely increase, which could result in reduced operating and information technology budgets. To the extent our products are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Such delays or reductions in technology spending are often associated with enhanced budget scrutiny by our customers including additional levels of approvals, cloud optimization efforts and additional time to evaluate and test our products, which can lead to long and unpredictable sales cycles. We have recently experienced longer sales cycles for certain products and enhanced budget scrutiny by our customers, and expect to continue to experience these challenges given the current macroeconomic environment. Also, customers may choose to develop in-house software as an alternative to using our products, and competitors may respond to such negative conditions in the general economy by lowering prices, any of which could adversely affect demand for our products and limit our ability to grow our business.

The present conditions and state of the U.S. and global economies make it difficult to predict whether, when and to what extent a recession has occurred or will occur in the future. We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected.

31


We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.

As part of our business strategy, we may acquire or make investments in complementary companies, products or technologies. We have in the past acquired, and expect in the future to acquire, businesses that we believe will complement or augment our existing business, such as our Vdoo and Upswift acquisitions in 2021. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete future acquisitions, we may not ultimately strengthen our competitive position or achieve our goals and business strategy, we may be subject to claims or liabilities assumed from an acquired company, product, or technology, and any acquisitions we complete could be viewed negatively by our customers, investors, and securities analysts. In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, into our company, the revenue and results of operations of the combined company could be adversely affected. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully.

We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, any of which could adversely affect our financial condition or the market price of our ordinary shares. The sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to raise additional capital and to manage our operations. The occurrence of any of these risks could harm our business, results of operations, and financial condition.

Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business.

Historically, we have funded our operations and capital expenditures primarily through equity issuances and cash generated from our operations. Although we currently anticipate that our existing cash and cash equivalents and operating cash flow will be sufficient to meet our cash needs for the next twelve months, we may require additional financing. We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans, operating performance, and condition of the capital markets at the time we seek financing. We cannot assure you that additional financing will be available to us on favorable terms when required, or at all. If we raise additional funds through the issuance of equity or equity-linked or debt securities, those securities may have rights, preferences or privileges senior to the rights of our ordinary shares, and our shareholders may experience dilution.

If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:

develop or enhance our products;
continue to expand our research and development and sales and marketing organizations;
acquire complementary technologies, products or businesses;
expand operations in the United States or internationally;
hire, train, and retain employees; or
respond to competitive pressures or unanticipated working capital requirements.

Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations.

A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Sales to government entities are subject to a number of risks that are specific to public sector customers. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government certification requirements for products like ours may change, thereby restricting our ability to sell into the U.S. federal government, U.S. state governments, or non-U.S. government sectors

32


until we have attained such revised certification or certifications. Government demand and payment for our products may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect with regard to our practices or measures in these areas, may negatively impact public sector demand for our products.

Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our products. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged.

Government entities may have statutory, contractual, or other legal rights to terminate contracts with us for convenience or due to a default, and any such termination may adversely affect our future results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could materially and adversely affect our results of operations.

Issues in the development and use of AI, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.

We have incorporated machine learning and AI technologies in our offerings and business, and AI technology may become more important to our operations or to our future growth over time. We may fail to properly implement or market our use of AI technology. Our products and systems may become targets for abuse powered by AI, and our support for MLOps may fall behind existing standards which are changing rapidly. Our competitors or other third parties may incorporate AI technology into their products, offerings, and solutions more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations.

Uncertainty regarding new and emerging AI technologies, such as generative AI, may require us to incur additional expenses to research and integrate generative AI, or other emerging AI technologies, into our product offerings and our internal systems. Any such research, implementation and integration may be costly and could impact our results of operations. Additionally, our use of AI technology may expose us to additional claims, demands and proceedings by private parties and regulatory authorities and subject us to legal liability as well as brand and reputational harm, confidentiality or security risks, competitive harm, ethical and social concerns, or other complications that could adversely affect our business, reputation, or financial results.

Risks Related to our Intellectual Property

Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations.

Our success depends to a significant degree on our ability to protect our proprietary technology, methodologies, know-how, and brand. We rely on a combination of trademarks, copyrights, patents, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, we make certain products, including a limited-functionality version of JFrog Artifactory, available under open source licenses, contribute other source code to open source projects under open source licenses, and release internal software projects under open source licenses, and anticipate doing so in the future. Because the source code for the open source version of JFrog Artifactory and any other software we contribute to open source projects or distribute under open source licenses is publicly available, our ability to monetize and protect our intellectual property rights with respect to such source code may be limited or, in some cases, lost entirely. Our competitors could access such source code and use it to create software and service offerings that compete with ours.

Further, the steps we take to protect our intellectual property rights may be inadequate. We will not be able to protect our intellectual property rights if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property rights. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology and our business may be harmed. In addition, defending our intellectual property rights might entail significant expense. Any patents, trademarks, or other intellectual property rights that we have or may obtain may be challenged by others or invalidated through administrative process or litigation. As of December 31, 2023, we hold a number of active patents and have filed patent applications both in the U.S. and in other countries. There can be no assurance that our patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages, or

33


may be successfully challenged by third parties. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain.

Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights. The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we continue to expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.

We enter into confidential, non-compete, proprietary, and inventions assignment agreements with our employees and consultants and enter into confidentiality agreements with other parties. No assurance can be given that these agreements will be effective in controlling access to and distribution of our proprietary information, especially in certain states and countries, including Israel, that are less willing to enforce such agreements. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products.

In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation.

We could incur substantial costs as a result of any claim of infringement, misappropriation or violation of another party’s intellectual property rights.

In recent years, there has been significant litigation involving patents and other intellectual property rights in the software industry. We do not currently have a large patent portfolio, which could prevent us from deterring patent infringement claims through our own patent portfolio, and our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. We could incur substantial costs in prosecuting or defending any intellectual property litigation. If we sue to enforce our rights or are sued by a third party that claims that our products infringe, misappropriate or violate their rights, the litigation could be expensive and could divert our management resources.

Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:

cease selling or using products that incorporate or cover the intellectual property rights that we allegedly infringe, misappropriate or violate;
make substantial payments for legal fees, settlement payments or other costs or damages;
obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or
redesign the allegedly infringing products to avoid infringement, misappropriation or violation, which could be costly, time-consuming or impossible.

If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business.

34


We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and would adversely affect our business.

A significant portion of our intellectual property has been developed by our employees in the course of their employment for us. Under the Israeli Patents Law, 5727-1967 (the “Patents Law”), inventions conceived by an employee in the course and as a result of or arising from his or her employment with a company are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patents Law also provides that if there is no such agreement between an employer and an employee, the Israeli Compensation and Royalties Committee (the “Committee”), a body constituted under the Patents Law, shall determine whether the employee is entitled to remuneration for his or her inventions. Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration, but rather uses the criteria specified in the Patents Law. Although we generally enter into assignment-of-invention agreements with our employees pursuant to which such individuals assign to us all rights to any inventions created in the scope of their employment or engagement with us, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and former employees, or be forced to litigate such claims, which could negatively affect our business.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, violation, and other losses.

Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, misappropriation or violation, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services or other contractual obligations. Large indemnity payments could harm our business, results of operations, and financial condition. Pursuant to certain agreements we do not have a cap on our liability and any payments under such agreements would harm our business, results of operations, and financial condition. Although we normally contractually limit our liability with respect to such indemnity obligations, we may still incur substantial liability related to them. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.

Our use of open source software could negatively affect our ability to sell our products and subject us to possible litigation.

Our paid products incorporate open source software, and we expect to continue to incorporate open source software in our paid products in the future. Few of the licenses applicable to open source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our paid products. Moreover, we cannot assure you that we have not used additional open source software in our software in a manner that is inconsistent with the terms of the applicable license or our current policies and procedures. If we fail to comply with these licenses, we may be subject to certain requirements, including requirements that we offer additional portions of our solutions for no cost, that we make available additional source code for modifications or derivative works we create based upon, incorporating or using the open source software, and that we license such modifications or derivative works under the terms of applicable open source licenses. If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products. In addition, there have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims. In any of these events, we and our customers could be required to seek licenses from third parties in order to continue offering our products, and to re-engineer our products or discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely basis. We and our customers may also be subject to suits by parties claiming infringement, misappropriation or violation due to the reliance by our solutions on certain open source software, and such litigation could be costly for us to defend or subject us to an injunction. Some open source projects provided on an “as-is” basis have known vulnerabilities and architectural instabilities which, if not properly addressed, could negatively affect the performance of our product. Any of the foregoing could require us to devote additional research and development resources to re-engineer our solutions, could result in customer dissatisfaction, and may adversely affect our business, results of operations, and financial condition.

35


Risks Related to Privacy, Data Protection and Cybersecurity

We are subject to stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security. Our actual or perceived failure to comply with such obligations could harm our business.

We receive, collect, store, process, transfer, retain, use, and otherwise process personal information and other data relating to users of our products, our employees and contractors, and other persons. We have legal and contractual obligations regarding the protection of confidentiality and appropriate use of certain data, including personal information. We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements. We are also subject to certain contractual obligations to third parties related to privacy, data protection and data security. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, and data security to the extent possible. However, the regulatory framework for privacy, data protection and data security worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. Any perception of privacy, data security, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations. Further, any significant change to applicable laws, regulations or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features.

If we were found in violation of any applicable laws or regulations relating to privacy, data protection, or data security, in addition to any regulatory fines, penalties, or litigation costs, our business may be materially and adversely affected and we would likely have to change our business practices and potentially the services and features available through our platform. In addition, these laws and regulations could constrain our ability to use and process data in manners that may be commercially desirable. In addition, if a breach of data security were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected.

Various United States (“U.S.”) privacy laws are potentially relevant to our business, including the Federal Trade Commission Act, Controlling the Assault of Non-Solicited Pornography and Marketing Act, and the Telephone Consumer Protection Act. Any actual or perceived failure to comply with these laws could result in a costly investigation or litigation resulting in potentially significant liability, loss of trust by our users, and a material and adverse impact on our reputation and business.

Within the U.S., we anticipate increasing regulation of privacy, data protection and data security, including the adoption of more stringent laws. For example, in June 2018, California passed the California Consumer Privacy Act (“CCPA”), which provides new data privacy rights for California consumers and new operational requirements for covered companies. The CCPA, among other things, provides that covered companies must provide new disclosures to California consumers and afford such consumers new data privacy rights that include the right to request a copy from a covered company of the personal information collected about them, the right to request deletion of such personal information, and the right to request to opt-out of certain sales of such personal information. The CCPA became operative on January 1, 2020. The California Attorney General can enforce the CCPA, including seeking an injunction and civil penalties for violations. The CCPA provides a private right of action for certain data breaches that is expected to increase data breach litigation. The CCPA has required us to modify our data practices and policies and to incur certain costs and expenses in an effort to comply. Additionally, a new privacy law, the California Privacy Rights Act (“CPRA”), was approved by California voters in November 2020. The CPRA modifies the CCPA significantly, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. Additionally, other states have proposed or enacted privacy, data protection, and data security laws, including, for example, Washington’s My Health, My Data Act, and other laws similar to the CCPA such as in Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Montana, Tennessee, Oregon, Florida, Delaware, and Texas. These newly proposed or enacted laws could increase our potential liability and adversely affect our business.

36


With respect to cybersecurity in the U.S., we are closely monitoring the development of rules and guidance pursuant to various executive orders that may apply to us, including pursuant to Executive Order 14028 for “EO-critical software,” for example. These developing rules and guidance may increase our compliance costs and delay customer contract execution.

Internationally, we also expect that there will continue to be new laws, regulations, and industry standards concerning privacy, data protection, information security, and AI, proposed and enacted in various jurisdictions. For example, the data protection landscape in the European Union (“EU”) continues to evolve, resulting in possible significant operational costs for internal compliance and risks to our business. The EU adopted the General Data Protection Regulation (“GDPR”), which became effective in May 2018, and contains numerous requirements and changes from previously existing EU laws, including more robust obligations on data processors and heavier documentation requirements for data protection compliance programs by companies. Among other requirements, the GDPR regulates the transfer of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the U.S. Failure to comply with the GDPR could result in penalties for noncompliance (including possible fines of up to the greater of €20 million and 4% of our global annual turnover for the preceding financial year for the most serious violations, as well as the right to compensation for financial or non-financial damages claimed by individuals under Article 82 of the GDPR). Despite our efforts to attempt to comply with the GDPR, a regulator may determine that we have not done so and subject us to fines and public censure, which could harm our company.

Among other requirements, the GDPR regulates transfers of personal data outside of the European Economic Area (“EEA”) to third countries that have not been found to provide adequate protection to such personal data, including the U.S. With regard to transfers to the U.S. of personal data from our employees and European customers and users, we rely upon the Standard Contractual Clauses (“SCCs”). The “Schrems II” decision issued by the Court of Justice of the European Union (“CJEU”) on July 16, 2020, invalidated the EU-U.S. Privacy Shield Framework as a mechanism to transfer personal data from the EEA to the U.S. In the same decision, the CJEU confirmed the validity of the SCCs, but advised that the SCCs must be considered on a case-by-case basis, in conjunction with an assessment as to whether national security laws conflict with the guarantees provided by the data importer under the SCCs. The European Commission has issued new SCCs that account for the CJEU’s “Schrems II” decision and that are required to be implemented. These developments represent a milestone in the regulation of cross-border data transfers, and have required major changes to our data transfer policy, including the need to conduct legal, technical, and security assessments for each data transfer from the EEA to a country outside of the EEA. This means that we may be unsuccessful in maintaining legitimate means for our transfer and receipt of personal data from the EEA. We may, in addition to other impacts, experience additional costs associated with increased compliance burdens, and we and our customers face the potential for regulators in the EEA to apply different standards to the transfer of personal data from the EEA to the U.S., and to block, or require ad hoc verification of measures taken with respect to, certain data flows from the EEA to the U.S. We also anticipate being required to engage in new contract negotiations with third parties that aid in processing data on our behalf, and entering into the new SCCs. We may experience reluctance or refusal by current or prospective European customers to use our products, and we may find it necessary or desirable to make further changes to our handling of personal data of EEA residents.

The regulatory environment applicable to the handling of EEA residents' personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results, and financial condition being harmed. We and our customers may face a risk of enforcement actions by data protection authorities in the EEA relating to personal data transfers to us and by us from the EEA. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, operating results and financial condition.

In addition to the GDPR, the European Commission has another draft regulation in the approval process that focuses on a person’s right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications (“ePrivacy Regulation”), would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. Most recently, on February 10, 2021, the Council of the EU agreed on its version of the draft ePrivacy Regulation. If adopted, ePrivacy Regulation is anticipated to have broad potential impacts on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European Commission and the Council. We expect to incur additional costs to comply with the requirements of the ePrivacy Regulation as it is finalized for implementation. Additionally, on January 13, 2022, the Austrian data protection authority published a decision ruling that the collection of personal data and transfer to the U.S. through Google Analytics and other analytics and tracking tools used by website operators violates the GDPR. On February 10, 2022, the French data protection authority issued a press release stating that the French data protection authority had issued a similar decision. On June 23, 2022, the Italian data protection authority adopted a similar decision, and on September 21, 2022, the Danish data protection authority adopted a similar decision. Other data protection authorities in the EU are increasingly focused on the use of online tracking tools and have indicated that they plan to issue similar rulings.

37


Further on January 31, 2020, the United Kingdom (“U.K.”) left the EU (commonly referred to as “Brexit”). The U.K. enacted legislation substantially implementing the GDPR, with penalties for noncompliance of up to the greater of £17.5 million or four percent of worldwide revenues. The U.K. has issued its own SCCs to support the transfer of personal data of the U,K. Aspects of U.K. data protection regulation remain, however, unclear in the medium to longer term. The European Commission and the U.K. government announced an EU-U.K. Trade Cooperation Agreement on December 24, 2020, and on June 28, 2021, the European Commission issued an adequacy decision under the GDPR and the Law Enforcement Directive, pursuant to which personal data generally may be transferred from the EU to the U.K. without restriction, subject to a four-year “sunset” period, after which the European Commission’s adequacy decision may be renewed. During that period, the European Commission will continue to monitor the legal situation in the U.K. and may intervene at any time with respect to its adequacy decision. The UK’s adequacy determination therefore is subject to future uncertainty, and may be subject to modification or revocation in the future, with the U.K. potentially being considered a “third country” under the GDPR, with personal data transfers needing to be made subject to GDPR-compliant safeguards (for example, the SCCs). With uncertainty remaining over the interpretation and application of data protection law in the U.K., we may face challenges in addressing their requirements and making necessary changes to our policies and practices, and may incur significant costs and expenses in an effort to do so.

Other countries also are considering or have enacted legislation that could impact our compliance obligations, expose us to liability, and increase the cost and complexity of delivering our services. For example, failure to comply with the Israeli Privacy Protection Law 5741-1981, and its regulations as well as the guidelines of the Israeli Privacy Protection Authority, may expose us to administrative fines, civil claims (including class actions) and in certain cases criminal liability. Further, the Data Security Law of China (“DSL”), which took effect on September 1, 2021, and the Personal Information Protection Law of China (“PIPL”), which took effect on November 1, 2021, implement comprehensive regulation of data and personal data processing activities across all industries and operations such as collecting, utilizing, processing, sharing and transferring data and personal information. The DSL and PIPL apply not only to the processing of data within China, but also seeks to regulate cross-border data transfers as well as certain activities outside of China. Limitations imposed by the DSL and PIPL and uncertainty regarding their application may impact us and may requires us to make changes to our policies and practices in an effort to comply. We are also monitoring recent or pending legislation in India and Japan, among others, for further impacts on our compliance obligations, including requirements for local storage and processing of data that could increase the cost and complexity of delivering our services. Such current or pending legislation may also result in changes to current enforcement measures and sanctions.

In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that may legally or contractually apply to us. One example of such a self-regulatory standard is the Payment Card Industry Data Security Standard (“PCI DSS”), which relates to the processing of payment card information. In the event we fail to comply with the PCI DSS, fines and other penalties could result, and we may suffer reputational harm and damage to our business. We may also be bound by and agree to contractual obligations to comply with other obligations relating to privacy, data security, or data protection, such as particular standards for information security measures.

We also expect that there will continue to be changes in interpretations of existing laws and regulations, or new proposed laws and regulations concerning privacy, data security, and data protection. We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our platform, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. Moreover, because the interpretation and application of many laws and regulations relating to privacy, security, and data protection, along with mandatory industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products. Any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other actual or asserted legal obligations or regulatory requirements relating to privacy, data protection, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, other obligations, and policies that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform. Additionally, if third parties we work with violate applicable laws, regulations or contractual obligations, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks.

38


A breach of our security measures or unauthorized access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities.

Although our products do not involve the processing of large amounts of personal data or personal information, our platform and products support customers’ software, which may involve the processing of large amounts of personal data, personal information, and information that is confidential or otherwise sensitive or proprietary. Data security incidents affecting widely trusted data security architecture (such as the incident affecting SolarWinds Orion, the incident involving Accellion FTA, the incident affecting Microsoft Exchange, the incident affecting Kaseya VSA, and the incident involving Log4j – none of which have directly affected us) may increase customer expectations regarding the security, testing, and compliance documentation of our platform and products for secure software development operations, management, automation and releases. In addition, these or other incidents may trigger new laws and regulations that increase our compliance burdens, add reporting obligations, or otherwise increase costs for oversight and monitoring of our platform, products, and supply chain.

We do collect and store certain sensitive and proprietary information, and to a lesser degree, personal data and personal information, in the operation of our business. This information includes trade secrets, intellectual property, employee data, and other confidential data. We have taken measures to protect our own sensitive and proprietary information, personal data and personal information, as well as such information that we otherwise obtain, including from our customers. We also engage vendors and service providers to store and otherwise process some of our and our customers’ data, including sensitive and proprietary information, personal data and personal information. Our vendors and service providers have been and, in the future may be, the targets of cyberattacks, malicious software, supply chain attacks, phishing schemes, fraud, and other risks to the confidentiality, security, and integrity of their systems and the data they process for us. Our ability to monitor our vendors and service providers’ data security is limited, and, in any event, third parties may be able to circumvent those security measures, resulting in the unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information.

Security breaches and other security incidents that affect us may result from employee or contractor error or negligence or those of vendors, service providers, and strategic partners on which we rely. These attacks may come from individual hackers, criminal groups, and state-sponsored organizations. There have been and may continue to be significant supply chain attacks, and we cannot guarantee that our or our vendors or service providers’ systems and networks have not been breached or that they do not contain exploitable vulnerabilities, defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. In addition, our customers and users may also disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data, including information about their software, source code, and security environment, stored within our products. As we continue to expand the products that we can offer our customers, including through the acquisition of complementary businesses, such as our acquisition of Vdoo in 2021, and through internal development, such as developing new security services, our products could have access to more sensitive information of our customers, which could result in greater adverse effects from security breaches and other security incidents. Also, our expansion into new services and products could subject us to additional regulations. In addition, we are subject to other laws and regulations that obligate us to employ reasonable security measures. From time to time, we do identify product vulnerabilities, including through our bug bounty program. Certain vulnerabilities under certain circumstances could be exploited if our customers do not patch vulnerable versions of the product. In the future, we also may experience security breaches, including breaches resulting from a cybersecurity attack, phishing attack, or other means, including unauthorized access, unauthorized usage, malwares or similar breaches or disruptions. We incur significant costs in an effort to detect and prevent security breaches and other security-related incidents, including those to secure our product development, test, evaluation, and deployment activities, and we expect our costs will increase as we make improvements to our systems and processes to prevent future breaches and incidents.

Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks. Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with the war between Israel and Hamas, the war between Russia and Ukraine, and associated geopolitical tensions and regional instability. Any of these incidents or any compromise of our security or any unauthorized access to or breaches of the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, could result in unauthorized or unlawful

39


access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or a risk to the security of our or our customers’ systems.

We may be more susceptible to security breaches and other security incidents in view of many of our employees and employees of our service providers working remotely, because we and our service providers have less capability to implement, monitor and enforce our information security and data protection policies for those employees. Based on the examples set in other recent incidents, the more widespread our platform and products become, the more they may be viewed by malicious cyber threat actors as an attractive target for such an attack. We and our service providers may be unable to anticipate these techniques, react, remediate or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. In the past, we have experienced vulnerabilities, none of which led to account takeover and all such known vulnerabilities have been remedied.

A security breach or other incident could result in reputational damage, litigation, regulatory investigations and orders, loss of business, indemnity obligations, damages for contract breach, penalties for violation of applicable laws, regulations, or contractual obligations, and significant costs, fees and other monetary payments for remediation, including in connection with forensic examinations and costly and burdensome breach notification requirements. Any belief by customers or others that a security breach or other incident has affected us or any of our vendors or service providers, even if a security breach or other incident has not affected us or any of our vendors or service providers or has not actually occurred, could have any or all of the foregoing impacts on us, including damage to our reputation. Even the perception of inadequate security may damage our reputation and negatively impact our ability to gain new customers and retain existing customers. In the event of any such breach or incident, we could be required to expend significant capital and other resources to address our or our vendor or service provider’s incident. Considering the SolarWinds Orion incident and the Kaseya VSA incident, if our products were compromised in a way that offered a means of malicious access or delivery of ransomware or other malicious software to our customers, the impact of such an incident would likely be significant.

Techniques used to sabotage or obtain unauthorized access to systems or networks are constantly evolving and, in some instances, are not identified until launched against a target. We and our vendors and service providers may be unable to anticipate these techniques, react, remediate or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. In addition, laws, regulations, government guidance, and industry standards and practices in the U.S. and elsewhere are rapidly evolving to combat these threats. We may face increased compliance burdens regarding such requirements with regulators and customers regarding our products and services and also incur additional costs for oversight and monitoring of our own supply chain.

Further, any provisions in our customer and user agreements, contracts with our vendors and service providers or other contracts relating to limitations of liability may not be enforceable or adequate or otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. While our insurance policies include liability coverage for certain of these matters, subject to applicable deductibles, if we experienced a widespread security breach or other incident that impacted a significant number of our customers, we could be subject to indemnity claims or other damages that exceed our insurance coverage. If such a breach or incident occurred, our insurance coverage might not be adequate for data handling or data security liabilities actually incurred, such insurance may not continue to be available to us in the future on economically reasonable terms, or at all, and insurers may deny us coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Risks Related to Foreign Operations

Our international operations and expansion expose us to risks.

Our primary research and development operations are located in Israel. As of December 31, 2023, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce. As of December 31, 2023, we had employees located primarily in nine countries. Our current international operations involve, and future initiatives will involve, a variety of risks, including:

unexpected changes in practices, tariffs, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions;

40


different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including differing hourly wages and overtime regulations in these locations;
exposure to many stringent and potentially inconsistent laws and regulations relating to privacy, data protection, AI, and data security, particularly in the European Union;
changes in a specific country’s or region’s political or economic conditions, such as the war between Israel and Hamas and the war between Russia and Ukraine and the associated geopolitical tensions and regional instability, as well as economic sanctions the U.S. and other countries have imposed on Russia and certain of its allies and the impact of the foregoing on the global economy;
risks resulting from changes in currency exchange rates, in particular, fluctuations in the value of the NIS compared to the U.S. dollar;
challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;
risks relating to the implementation of exchange controls, including restrictions promulgated by the OFAC, and other similar trade protection regulations and measures in the United States or in other jurisdictions;
reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited;
slower than anticipated availability and adoption of cloud and hybrid infrastructures by international businesses;
limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries;
potential changes in laws, regulations, and costs affecting our U.K operations and personnel due to Brexit;
limited or unfavorable intellectual property protection; and
exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, and similar applicable laws and regulations in other jurisdictions.

If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we may incur unanticipated liabilities or otherwise suffer harm to our business generally.

As we conduct operations in China, risks associated with economic, political and social events in China could negatively affect our business and results of operations.

We are currently expanding operations in China and may continue to increase our presence in China. Our operations in China are subject to a number of risks relating to China’s economic and political systems, including:

A government-controlled foreign exchange rate and limitations on the convertibility of the Chinese Renminbi;
Uncertainty regarding the validity, enforceability and scope of protection for intellectual property rights and the practical difficulties of enforcing such rights;
Ability to secure our business proprietary information located in China from unauthorized acquisition;
Extensive government regulation;
Changing governmental policies relating to tax benefits available to foreign-owned businesses;
A relatively uncertain legal system;
Application of and limitations related to the DSL and PIPL regulations over processing of data and personal data within China as well as cross-border data transfers and other activities outside of China; and

41


Instability related to continued economic, political and social reform.

Any actions and policies adopted by the government of the People’s Republic of China, particularly with regard to intellectual property rights, any slowdown in China’s economy, or increased restrictions related to the transfer of data pursuant to the Chinese Cyber Security Law could have an adverse effect on our business, results of operations and financial condition.

Further, at various times during recent years, the United States and China have had disagreements over political and economic issues. Controversies may arise in the future between these two countries. Any political or trade controversy between the United States and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position and financial performance.

If we are not successful in sustaining and expanding our international business, we may incur additional losses and our revenue growth could be harmed.

Our future results depend, in part, on our ability to sustain and expand our penetration of the international markets in which we currently operate and to expand into additional international markets. Our ability to expand internationally will depend upon our ability to deliver functionality and foreign language translations that reflect the needs of the international clients that we target. Our ability to expand internationally involves various risks, including the need to invest significant resources in such expansion, and the possibility that returns on such investments will not be achieved in the near future or at all in these less familiar competitive environments. We may also choose to conduct our international business through strategic partnerships or other collaboration arrangements. If we are unable to identify partners or negotiate favorable terms, our international growth may be limited. In addition, we have incurred and may continue to incur significant expenses in advance of generating material revenue as we attempt to establish our presence in certain international markets.

We are subject to various governmental export controls, trade sanctions, and import laws and regulations that could impair our ability to compete in international markets or subject us to liability if we violate these controls.

In some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce, and our activities may be subject to trade and economic sanctions, including those administered by the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) (collectively, “Trade Controls”). As such, a license may be required to export or re-export our products, or provide related services, to certain countries and end-users, and for certain end-uses. Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements.

While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws. We are currently working to enhance these procedures, with which failure to comply could subject us to both civil and criminal penalties, including substantial fines, possible incarceration of responsible individuals for willful violations, possible loss of our export or import privileges, and reputational harm. Further, the process for obtaining necessary licenses may be time-consuming or unsuccessful, potentially causing delays in sales or losses of sales opportunities. Trade Controls are complex and dynamic regimes, and monitoring and ensuring compliance can be challenging, particularly given that our products are widely distributed throughout the world and are available for download without registration. Although we have no knowledge that our activities have resulted in violations of Trade Controls, any failure by us or our partners to comply with applicable laws and regulations would have negative consequences for us, including reputational harm, government investigations, and penalties.

In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations in such countries may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import laws or regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing export, import or sanctions laws or regulations, or change in the countries, governments, persons, or technologies targeted by such export, import or sanctions laws or regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets could adversely affect our business, financial condition, and results of operations.

42


Failure to comply with anti-bribery, anti-corruption, anti-money laundering laws, and similar laws, could subject us to penalties and other adverse consequences.

We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the United Kingdom Bribery Act 2010, the Proceeds of Crime Act 2002, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 1977, the Israeli Prohibition on Money Laundering Law–2000 and possibly other anti-bribery and anti-money laundering laws in countries outside of the United States in which we conduct our activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, agents, representatives, business partners, and third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector.

We sometimes leverage third parties to sell our products and conduct our business abroad. We, our employees, agents, representatives, business partners, and third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these employees, agents, representatives, business partners, or third-party intermediaries, even if we do not explicitly authorize such activities. We cannot assure you that all of our employees and agents will not take actions in violation of applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.

These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. While we have policies and procedures to address compliance with such laws, we cannot assure you that none of our employees, agents, representatives, business partners or third-party intermediaries will take actions in violation of our policies and applicable law, for which we may be ultimately held responsible.

Any allegations or violation of the FCPA or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, sanctions, settlements, prosecution, enforcement actions, fines, damages, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, results of operations, and prospects. Responding to any investigation or action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. In addition, the U.S. government may seek to hold us liable for successor liability for FCPA violations committed by companies in which we invest or that we acquire. As a general matter, investigations, enforcement actions and sanctions could harm our reputation, business, results of operations, and financial condition.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our functional currency is the U.S. dollar and our revenue and expenses are primarily denominated in U.S. dollars. However, a significant portion of our headcount related expenses, consisting principally of salaries and related personnel expenses as well as leases and certain other operating expenses, are denominated in NIS. This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Furthermore, we anticipate that a material portion of our expenses will continue to be denominated in NIS. We currently utilize foreign currency contracts, with financial institutions to protect against foreign exchange risks, mainly the exposure to changes in the exchange rate of the NIS against the U.S. dollar that are associated with future cash flows denominated in NIS.

In addition, increased international sales in the future may result in greater foreign currency denominated sales, increasing our foreign currency risk. A material portion of our leases are denominated in currencies other than the U.S. Dollar, mainly in NIS. The associated lease liabilities are remeasured using the current exchange rate, which may result in material foreign exchange gains or losses. Moreover, operating expenses incurred outside the United States and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected. To date, we have entered into hedging transactions in an effort to reduce our exposure to foreign currency exchange risk. While we may decide to continue to enter into hedging transactions in the future, the availability and effectiveness of these hedging transactions may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and results of operations.

43


Risks Related to Taxation

Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could expose us to greater than anticipated tax liabilities.

The tax laws applicable to our business, including the laws of Israel, the United States, and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements or our revenue recognition policies, which could increase our worldwide effective tax rate and harm our financial position and results of operations. It is possible that tax authorities may disagree with certain positions we have taken and any adverse outcome of such a review or audit could have a negative effect on our financial position and results of operations. Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.

In addition, we typically invoice customers for the full contract amount at the time of entering into a contract, but recognize revenue over the term of the subscription period. Applicable tax authorities may challenge our tax reporting position and may accelerate our tax obligation based on cash received, which may materially affect our financial results.

Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.

Based on our current corporate structure, we are subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents. The authorities in these jurisdictions could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing, and could impose additional tax, interest, and penalties. These authorities could also claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant tax authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement was to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations.

The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes.

We are eligible for certain tax benefits provided to a “Preferred Technology Enterprise” under the Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law. In order to remain eligible for the tax benefits for a “Preferred Technology Enterprise” we must continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income from the Preferred Technology Enterprise would be subject to regular Israeli corporate tax rates. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs.

We could be required to collect additional sales, use, value added, digital services or other similar taxes or be subject to other liabilities that may increase the costs our clients would have to pay for our products and adversely affect our results of operations.

We collect sales, value added and other similar taxes in a number of jurisdictions. One or more U.S. states or countries may seek to impose incremental or new sales, use, value added, digital services, or other tax collection obligations on us. Further, an increasing number of U.S. states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. Additionally, the Supreme Court of the United States ruled in South Dakota v. Wayfair, Inc. et al, or Wayfair, that online sellers can be required to collect sales and use tax despite not having a physical presence in the state of the customer. In response to Wayfair, or otherwise, U.S. states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. A successful assertion by one or more U.S. states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial liabilities, including taxes on past sales, as well as interest and penalties. Furthermore, certain

44


jurisdictions, such as the United Kingdom and France, introduced a digital services tax, which is generally a tax on gross revenue generated from users or customers located in those jurisdictions, and other jurisdictions have enacted or are considering enacting similar laws. A successful assertion by a U.S. state or local government, or other country or jurisdiction that we should have been or should be collecting additional sales, use, value added, digital services or other similar taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our platform due to the incremental cost of any such sales or other related taxes, or otherwise harm our business.

Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.

As of December 31, 2023, we had net operating loss carryforwards of $138.8 million in Israel and U.S. state net operating loss carryforwards of $51.5 million, which may be utilized against future income taxes. Limitations imposed by the applicable jurisdictions on our ability to utilize net operating loss carryforwards, including with respect to the net operating loss carryforwards of companies that we have acquired or may acquire in the future, could cause income taxes to be paid earlier than would be paid if such limitations were not in effect and could cause such net operating loss carryforwards to expire unused, in each case reducing or eliminating the benefit of such net operating loss carryforwards. Furthermore, we may not be able to generate sufficient taxable income to utilize our net operating loss carryforwards before they expire. If any of these events occur, we may not derive some or all of the expected benefits from our net operating loss carryforwards.

Risks Related to Our Ordinary Shares

The market price for our ordinary shares may be volatile or may decline regardless of our operating performance.

The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including:

actual or anticipated changes or fluctuations in our results of operations;
the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships or capital commitments;
industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC;
rumors and market speculation involving us or other companies in our industry;
sales or expected future sales of our ordinary shares;
investor perceptions of us and the industries in which we operate;
price and volume fluctuations in the overall stock market from time to time;
changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
announced or completed acquisitions of businesses or technologies by us or our competitors;

45


actual or perceived breaches of, or failures relating to, privacy, data protection or data security;
new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
any major changes in our management or our board of directors;
general economic conditions, the recent global economic downturn and slow or negative growth of our markets; and
other events or factors, including those resulting from war, including the war between Israel and Hamas, incidents of terrorism or responses to these events.

The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval.

Our executive officers, directors, current 5% or greater shareholders and affiliated entities together beneficially owned approximately 18% of our ordinary shares outstanding as of December 31, 2023. As a result, these shareholders, acting together, will have control over certain matters that require approval by our shareholders, including matters such as the appointment and dismissal of directors, capital increases, amendment to our articles of associations, and approval of certain corporate transactions. Corporate action might be taken even if other shareholders oppose them. This concentration of ownership might also have the effect of delaying or preventing a change of control of us that other shareholders may view as beneficial. It should be noted that we are not aware of any voting agreement or arrangement between our shareholders.

In addition, one of our non-executive directors are affiliated with holders of greater than 5% of our ordinary shares.

Sales of substantial amounts of our ordinary shares in the public markets, or the perception that they might occur, could reduce the price that our ordinary shares might otherwise attain.

Sales of a substantial number of ordinary shares in the public market, particularly sales by our directors, executive officers, and significant shareholders, or the perception that these sales could occur, could adversely affect the market price of our ordinary shares and may make it more difficult for you to sell your ordinary shares at a time and price that you deem appropriate.

In addition, certain of our shareholders prior to the completion of our initial public offering in September 2020 (“IPO”) and our founders are entitled to rights with respect to registration of certain of their shares under the Securities Act pursuant to our amended and restated investors’ rights agreement. If these holders of our ordinary shares, by exercising their registration rights, sell a large number of shares, they could adversely affect the market price for our ordinary shares. We have also registered the offer and sale of all ordinary shares that we may issue under our equity compensation plan.

The issuance of additional shares in connection with financings, acquisitions, investments, our share incentive plans or otherwise will dilute all other shareholders.

Our amended and restated articles of association authorize us to issue up to 500 million ordinary shares and up to 50 million preference shares with such rights and preferences as included in our articles of association. Subject to compliance with applicable rules and regulations, we may issue ordinary shares or securities convertible into ordinary shares from time to time in connection with a financing, acquisition, investment, our share incentive plans or otherwise. Any such issuance could result in substantial dilution to our existing shareholders unless pre-emptive rights exist and cause the market price of our ordinary shares to decline.

Provisions of Israeli law and our amended and restated articles of association may delay, prevent or make undesirable an acquisition of all or a significant portion of our shares or assets.

Certain provisions of Israeli law and our articles of association could have the effect of delaying or preventing a change in control and may make it more difficult for a third party to acquire us or for our shareholders to elect different individuals to our board of directors, even if doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for our ordinary shares. For example, Israeli corporate law regulates mergers and requires that a tender offer be effected when certain thresholds of percentage ownership of voting power in a company are exceeded (subject to certain conditions). Further, Israeli tax considerations may make potential transactions undesirable to us or to some of our shareholders whose country of residence does not have a tax treaty with Israel granting tax relief to such shareholders from Israeli tax.

46


Furthermore, under the Encouragement of Research, Development and Technological Innovation in the Industry Law, 5744-1984, and the regulations, guidelines, rules, procedures, and benefit tracks thereunder, collectively, the Innovation Law, to which we are subject due to our receipt of grants from the Israeli National Authority for Technological Innovation, or the Israeli Innovation Authority (the “IIA”), a recipient of IIA grants such as our company must report to the IIA regarding any change in the holding of means of control of our company which transforms any non-Israeli citizen or resident into an “interested party,” as defined in the Israeli Securities Law, and such non-Israeli citizen or resident shall execute an undertaking in favor of IIA, in a form prescribed by IIA.

Our amended and restated Articles of Association provide that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, which could limit our shareholders’ ability to choose the judicial forum for disputes with us or our directors, shareholders, officers, or other employees.

Section 22 of the Securities Act creates concurrent jurisdiction for U.S. federal and state courts over all such Securities Act actions. Accordingly, both U.S. state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated Articles of Association provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. This exclusive forum provision will not apply to suits brought to enforce any liability or duty created by the Exchange Act. Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to the foregoing provision of our amended and restated Articles of Association.

Although we believe this exclusive forum provision benefits us by providing increased consistency in the application of U.S. federal securities laws in the types of lawsuits to which they apply, the exclusive forum provision may limit a shareholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or any of our directors, shareholders, officers, or other employees, which may discourage lawsuits with respect to such claims against us and our current and former directors, shareholders, officers, or other employees. Our shareholders will not be deemed to have waived our compliance with the U.S. federal securities laws and the rules and regulations thereunder as a result of our exclusive forum provision. Further, in the event a court finds the exclusive forum provision contained in our amended and restated Articles of Association to be unenforceable or inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations.

We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.

We have never declared or paid any cash dividends on our shares. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our ordinary shares in the foreseeable future. Consequently, investors who purchase our ordinary shares may be unable to realize a gain on their investment except by selling such shares after price appreciation, which may never occur.

Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency, and amount will depend upon our future, operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions and other factors that our directors may deem relevant. The Israeli Companies Law, 5759-1999 (the “Companies Law”) imposes restrictions on our ability to declare and pay dividends. Payment of dividends may also be subject to Israeli withholding taxes.

Risks Related to Our Incorporation and Location in Israel

While JFrog’s operation runs smoothly with most of our go-to-market and support services outside of Israel (mainly in the U.S., India and France), given the conditions in Israel, including the recent attack by Hamas and other terrorist organizations from the Gaza Strip and Israel’s war against them, it is possible that our operations could be adversely affected over time, which could lead to a decrease in revenues.

Because a material part of our research and development is conducted in Israel and certain members of our board of directors and management as well as approximately half of our employees and consultants are located in Israel, our business and operations could be affected by economic, political, geopolitical and military conditions in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have occurred between Israel and its neighboring countries and terrorist organizations active in the region.

47


In October 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and conducted a series of terror attacks on civilian and military targets. The intensity and duration of Israel’s current war against Hamas is difficult to predict, as are such war’s economic implications on the Company’s business and operations and on Israel's economy in general. These events may imply wider macroeconomic indications of a deterioration of Israel’s economic standing, which may have a material adverse effect on the Company and its ability to effectively conduct its operations.

Certain of our employees and consultants in Israel have been called, and additional employees may be called, for service in the current or future wars or other armed conflicts. Such employees may be absent for an extended period of time. As a result, our operations may be disrupted by such absences, which disruption may materially and adversely affect our business and results of operations.

Certain countries, companies and organizations participate in a boycott of Israeli companies. In addition, there have been increased efforts recently to cause companies and consumers to boycott Israeli goods and services. Any boycott, restrictive laws, policies or practices directed towards Israel, Israeli businesses or Israeli citizens could, individually or in the aggregate, have a material adverse effect on our business.

It may be difficult to enforce a U.S. judgment against us, our officers and directors in Israel or the United States, or to assert U.S. securities laws claims in Israel or serve process on our officers and directors.

Not all of our directors or officers are residents of the United States. Most of our assets and those of our non-U.S. directors and officers are located outside the United States. Service of process upon us or our non-U.S. resident directors and officers may be difficult to obtain within the United States. We have been informed by our legal counsel in Israel, that it may be difficult to assert claims under U.S. securities laws in original actions instituted in Israel or obtain a judgment based on the civil liability provisions of U.S. federal securities laws. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws against us or our non-U.S. officers or directors, reasoning that Israel is not the most appropriate forum to hear such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proved as a fact by expert witnesses which can be a time-consuming and costly process. Certain matters of procedure may also be governed by Israeli law. There is little binding case law in Israel addressing the matters described above. Israeli courts might not enforce judgments rendered outside Israel, which may make it difficult to collect on judgments rendered against us or our non-U.S. officers and directors.

Moreover, among other reasons, including but not limited to, fraud or absence of due process, or the existence of a judgment which is at variance with another judgment that was given in the same matter if a suit in the same matter between the same parties was pending before a court or tribunal in Israel, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases), or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel.

Your rights and responsibilities as our shareholder are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations.

We are incorporated under Israeli law. The rights and responsibilities of holders of our ordinary shares are governed by our amended and restated articles of association and the Companies Law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S. corporations. In particular, pursuant to the Companies Law each shareholder of an Israeli company has to act in good faith and in a customary manner in exercising his or her rights and fulfilling his or her obligations toward the company and other shareholders and to refrain from abusing his or her power in the company, including, among other things, in voting at the general meeting of shareholders, on amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers, and certain transactions requiring shareholders’ approval under the Companies Law. In addition, a controlling shareholder of an Israeli company or a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or who has the power to appoint or prevent the appointment of a director or officer in the company, or has other powers toward the company has a duty of fairness toward the company. However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior.

48


We have received Israeli government grants for certain of our research and development activities. The terms of these grants may require us to satisfy specified conditions in order to develop and transfer technologies supported by such grants outside of Israel. In addition, in some circumstances, we may be required to pay penalties in addition to repaying the grants.

Our research and development efforts were financed, in part, through grants from the IIA. From our inception through 2015, we conducted projects with the IIA’s support and received grants totaling $1.2 million from the IIA and repaid to the IIA $1.3 million (the entire amount of the grants and accrued interest).

The Innovation Law requires, inter alia, that the products developed as part of the programs under which the grants were given be manufactured in Israel and restricts the ability to transfer know-how funded by IIA outside of Israel. Transfer of IIA-funded know-how outside of Israel requires prior approval and is subject to payment of a redemption fee to the IIA calculated according to a formula provided under the Innovation Law. A transfer for the purpose of the Innovation Law is generally interpreted very broadly and includes, inter alia, any actual sale of the IIA-funded know-how, any license to develop the IIA-funded know-how or the products resulting from such IIA-funded know-how or any other transaction, which, in essence, constitutes a transfer of IIA-funded know-how. We cannot be certain that any approval of the IIA will be obtained on terms that are acceptable to us, or at all. We may not receive the required approvals should we wish to transfer IIA-funded know-how and/or development outside of Israel in the future.

Transfer of IIA know-how created, in whole or in part, in connection with an IIA-funded project, to a third party outside Israel requires prior approval and is subject to payment to the IIA of a redemption fee calculated according to a formula provided under the Innovation Law. Subject to prior approval of the IIA, we may transfer the IIA-funded know-how to another Israeli company. If the IIA-funded know-how is transferred to another Israeli entity, the transfer would still require IIA approval but will not be subject to the payment of the redemption fee. In such case, the acquiring company would have to assume all of the applicable restrictions and obligations towards the IIA (including the restrictions on the transfer of know-how and manufacturing capacity, to the extent applicable, outside of Israel) as a condition to IIA approval.

General Risk Factors

The requirements of being a public company may strain our resources and divert management’s attention.

As a public company listed in the United States, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of the Nasdaq, and other applicable securities rules and regulations. Compliance with these rules and regulations increases our legal and financial compliance costs, makes some activities more difficult, time-consuming, or costly, and increases demand on our systems and resources. The Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations.

In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure, including regulations implemented by the SEC and Nasdaq, may increase legal and financial compliance costs, and make some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, and as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies.

As a result of disclosure of information in our filings with the SEC, our business and financial condition are visible, which may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations.

If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable listing standards of Nasdaq. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm is required to attest to the effectiveness of our internal control over financial reporting.

49


In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended and anticipate that we will continue to expend significant resources, including accounting-related costs and significant management oversight. For example, since our IPO, we have implemented additional policies and procedures associated with the financial statement close process and implemented a system to supplement our core accounting system as part of our control environment. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, financial compliance and audit costs, make some activities more difficult, time-consuming and costly, and increase demand on our personnel, systems and resources.

In addition, our current controls and any new controls that we develop may become inadequate because of changes in the conditions in our business, including increased complexity resulting from our international expansion. Further, weaknesses in our disclosure controls or our internal control over financial reporting may be discovered in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our ordinary share could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

The impact of the war between Israel and Hamas, the war between Russia and Ukraine, and other areas of geopolitical tension around the world, including the related global economic disruptions, remains uncertain at this time, and could harm or continue to harm our business and results of operations.

The war between Israel and Hamas, the war between Russia and Ukraine, and other areas of geopolitical tension around the world continue to impact worldwide economic activity and financial markets. As a result of the war between Israel and Hamas, the war between Russia and Ukraine, and related global economic disruptions, we could experience disruptions in our business or the business of our partners, customers, or the economy as a whole, any of which could adversely affect and could materially adversely impact our business, results of operations, and overall financial condition in future periods.

The extent and continued impact of the Israel-Hamas war, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the wars; the impact of the wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control. General economic conditions and disruptions in global markets due to the Israel-Hamas war, the Russia-Ukraine war, and other areas of geopolitical tension around the world, and any actions taken by governmental authorities and other third parties in response may also affect our future performance.

As of the date of this Annual Report on Form 10-K, the full impact of the war between Israel and Hamas, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain. Furthermore, because of our subscription-based business model, the impact of these factors may not be fully reflected in our results of operations and overall financial condition until future periods, if at all.

If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our ordinary shares, our share price and trading volume could decline.

The trading market for our ordinary shares is influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts, or the content and opinions included in their reports. As a new public company, we may be slow to attract research coverage and the analysts who publish information about our ordinary shares will have had relatively little experience with our company, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. In the event we obtain industry or financial analyst coverage, if any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our company, our share price would likely decline. In addition, the share prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our ordinary shares or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our share price or trading volume to decline.

50


If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of securities analysts and investors, resulting in a decline in the trading price of our ordinary shares.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our ordinary shares. Significant items subject to such estimates and assumptions include, but are not limited to, the allocation of transaction price among various performance obligations, the estimated benefit period of deferred contract acquisition costs, the allowance for credit losses, the fair value of acquired intangible assets and goodwill, the useful lives of acquired intangible assets and property and equipment, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets and uncertain tax positions.

We are exposed to credit risk and fluctuations in the market values of our investment portfolio.

Given the global nature of our business we have diversified U.S. and non-U.S. investments. Credit ratings and pricing of our investments can be negatively affected by liquidity, credit deterioration, financial results, economic risk, political risk, sovereign risk, or other factors. As a result, the value and liquidity of our investments may fluctuate substantially. Therefore, although we have not realized any significant losses on our investments, future fluctuations in their value could result in a significant realized loss.

Catastrophic events, or man-made problems such as terrorism, may disrupt our business.

A significant natural disaster, such as an earthquake, fire, flood, or significant power outage could have an adverse impact on our business, results of operations, and financial condition. We have a number of our employees and executive officers located in the San Francisco Bay Area, a region known for seismic activity and increasingly, wildfires. In the event our or our partners abilities are hindered by any of the events discussed above, sales could be delayed, resulting in missed financial targets for a particular quarter. In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots and other geo-political unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole. Any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate.

Our business could be negatively impacted by changes in the United States political environment.

Policy changes implemented by the Biden administration could significantly impact our business as well as the markets in which we compete. Specific legislative and regulatory proposals discussed during election campaigns and more recently that might materially impact us include, but are not limited to, changes to trade agreements, immigration policy, import and export regulations, tariffs and customs duties, federal and state tax laws and regulations, public company reporting requirements, and antitrust enforcement. Further, an extended federal government shutdown resulting from failing to pass budget appropriations, adopt continuing funding resolutions, or raise the debt ceiling, and other budgetary decisions limiting or delaying deferral government spending, may negatively impact U.S. or global economic conditions, including corporate and consumer spending, and liquidity of capital markets. To the extent changes in the political environment have a negative impact on us or on our markets, our business, results of operations and financial condition could be materially and adversely affected in the future.

Item 1B. Unresolved Staff Comments

None.

51


Item 1C. Cybersecurity

Risk Management and Strategy

Our information security program is managed by our Chief Security Officer and VP of Security Engineering (“CSO”), whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, technologies, and processes. Our CSO’s primary responsibility includes assessing, monitoring, and managing our cybersecurity risks. With over 24 years of experience in the field of cybersecurity, our CSO brings a wealth of experience to her role. Her background includes extensive experience as an enterprise CSO, and she is well recognized within the industry. Her in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. In partnership with our Chief Information Officer (“CIO”) who leads our Governance Risk and Compliance (“GRC”) function, our CSO oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our employee security training program.

The CSO works to stay informed about relevant developments in cybersecurity, including potential threats and innovative risk management techniques. The CSO implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and advanced compliance systems to identify potential vulnerabilities and mitigate them. The CSO collaborates closely with various key departments within the company – including the office of our Chief Technology Officer (“CTO”), Engineering, IT, DevOps, Support, and Production – to implement our Vulnerability Management Remediation Plan. This collaboration is aligned with industry standards of the Software Development Life Cycle, underscoring our commitment to maintaining robust security protocols across all phases of our operations.

We have developed and maintain a robust cybersecurity incident response plan, led by the CSO. JFrog’s cybersecurity incident response team has a comprehensive strategy and policies in place for managing security incidents. Along with swift threat classification, containment, and eradication, the strategy includes notification procedures to promptly inform and support stakeholders in accordance with applicable data breach notification laws. Incident analysis is carried out to understand root causes and drive continuous improvement.

Our information security controls and practices are certified against globally recognized standards: ISO 27001, ISO 27701, ISO 27017, SOC 2 Type II. We are also aligned to cybersecurity practices and controls recommended by the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce.

Our third-party vendor risk management program addresses third party vendors with access to our systems or data, or processing data on our behalf, and includes a risk-based approach and security assessments throughout the third-party life-cycle, from onboarding to termination, as well as through contractual controls and technological controls to monitor the vendors posture. This program is designed to oversee and identify risks from cybersecurity threats associated with its use of any third-party service providers.

Training and Awareness

Our employees undertake cybersecurity and data privacy training during onboarding and the majority of our employees complete annual refresher modules. JFrog also maintains a secure-code training program for developers and quarterly phishing simulation to improve our employees' awareness and resilience. Employees who do not meet our performance expectations in such simulations are required to undergo additional training.

Engagement with Third-Parties on Risk Management

Given the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights, helping our cybersecurity strategies and processes remain consistent with applicable generally adopted industry best practices. Our collaboration with these third parties includes regular audits, threat assessments and penetration testing; consultation on security enhancements; bug bounty program for identifying security weaknesses in our products and services; designing partnership with third party vendors; using our inhouse security tools as customers; and global incident response experts for potential critical cybersecurity events.

As of the date of this report, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. For more detailed information about the cybersecurity risks we face, please see Item 1A, “Risk Factors,” in this annual report on Form 10-K, including Risks Related to Privacy, Data Protection and Cybersecurity: “A breach of our security measures or unauthorized

52


access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities.”

Governance

Our Board of Directors has established robust oversight mechanisms to support effective governance in managing risks associated with cybersecurity threats. All of our Board members have experience in the tech industry. Data protection under their guidance and oversight remains a strategic priority at the highest levels of our organization. The Audit Committee is responsible for oversight of our information security program and is consulted with at least twice a year by management. Our VP of Internal Audit leads an annual internal audit plan, and its status and internal audit findings are reported to the Audit Committee on a quarterly basis. Our cybersecurity strategies and initiatives are refined by the continuous dialogue and the rich insight of our Board members.

Our CTO who is also a Board member, has established the CSO Office at JFrog. Our CTO and CSO have extensive experience assessing and managing cybersecurity programs and cybersecurity risks, and they work closely to define the initiatives of our cybersecurity program, the CSO organization structure and cyber business continuity plan planning. Our CTO is updated regularly on the status of our cybersecurity program. This allows us to address emerging threats and make informed decisions in real-time and to protect our systems on a timely basis. Over the past two decades, our CIO has held various positions in information technology and information security, including as CIO in two public companies, managing and controlling cybersecurity long-term programs and risks. Governance, Risks and Compliance (GRC) is managed by the CIO team, while cross-GRC activities are managed by the team, in alignment with the CSO.

Risk assessments are periodically conducted by our VP of Internal Audit. Internal audits are conducted and reported to the Audit Committee on a quarterly basis.

Item 2. Properties

We are co-headquartered in Sunnyvale, California and in Netanya, Israel. We lease approximately 49,000 square feet of office space in Sunnyvale under leases expiring through 2026, and approximately 52,000 square feet of office space in Netanya under a lease expiring in 2026.

We lease all of our facilities and do not own any real property. We believe that our facilities are adequate for our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations.

Item 3. Legal Proceedings

The information set forth under the heading “Legal Proceedings” in Note 11 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference.

Item 4. Mine Safety Disclosures

Not applicable.

53


PART II

Item 5. Market for Registrant's Common Equity, Related Shareholder Matters and Issuer Purchases of Equity Securities

Market Information for Our Ordinary Shares

Our Ordinary Shares has been listed on the Nasdaq Global Select Market (Nasdaq) under the symbol "FROG" since September 16, 2020. Prior to that date, there was no public trading market for our Ordinary Shares.

Holders of Record

As of February 9, 2024, we had 57 holders of record of our Ordinary Shares. The actual number of holders is greater than this number of record holders and includes holders who are beneficial owners but whose shares are held in street name by brokers and other nominees.

Dividend Policy

We have never declared nor paid any cash dividends on our shares. We currently intend to retain any future earnings and do not expect to pay any dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our Board of Directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that our Board of Directors may deem relevant.

Share Performance Graph

This performance graph shall not be deemed “soliciting material” or to be “filed” with the Securities and Exchange Commission, or the SEC, for purposes of Section 18 of the Exchange Act, or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any of our filings under the Securities Act.

The graph below compares the cumulative total stockholder return on our ordinary share from September 16, 2020 (the date our ordinary share commenced trading on the Nasdaq) through December 31, 2023 with the cumulative total return on the S&P 500 Index and the S&P 500 Information Technology Index. All values assume a $100 initial investment and data for the S&P 500 Composite Index and the S&P Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our ordinary share.

img191605191_1.jpg 

Unregistered Sales of Equity Securities

None.

54


Issuer Purchases of Equity Securities

None.

Item 6. [Reserved]

Item 7. Management's Discussion and Analysis of Financial Conditions and Results of Operations

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and the related notes included elsewhere in this Annual Report on Form 10-K. You should review the section titled “Special Note Regarding Forward-Looking Statements,” above in this Annual Report on Form 10-K for a discussion of forward-looking statements and important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. Factors that could cause or contribute to such differences include, but are not limited to, those identified below, and those discussed in the section titled “Risk Factors” in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that may be expected for any period in the future.

The following section generally discusses our financial condition and results of operations for the year ended December 31, 2023 compared to the year ended December 31, 2022. A discussion regarding our financial condition and results of operations for the year ended December 31, 2022 compared to the year ended December 31, 2021 can be found in Part II, Item 7 of our 2022 Annual Report on Form 10‐K, filed with the SEC on February 9, 2023.

Overview

JFrog’s vision is to power a world of continuously updated, secure, trusted software – we call this Liquid Software.

We provide an end-to-end, hybrid, universal Software Supply Chain Platform that enables organizations to continuously and securely create and deliver software updates across any system. This platform is the critical bridge between software development and deployment of that software, paving the way for modern software supply chain management and software release processes. We enable organizations to build and release software faster and more securely while empowering developers, security teams and machine learning operation teams to be more efficient. As of December 31, 2023, we had a global customer base of approximately 7,400 organizations across all industries and sizes, including approximately 83% of Fortune 100 organizations, increasing from approximately 7,200 organizations as of December 31, 2022. All of the top 10 technology organizations, 9 of the top 10 financial services organizations, 9 of the top 10 retail organizations, 9 of the top 10 healthcare organizations, and all of the top 6 telecommunications organizations in the Fortune 500 have adopted the JFrog platform, embarking on their journey towards Liquid Software. For the year ended December 31, 2023, our 10 largest customers represented approximately 7% of our total revenue and no single customer accounted for more than 1% of our total revenue. For the year ended December 31, 2023, 38% of our revenue was generated from customers outside of the United States.

We have designed our subscription structure and go-to-market strategy to align our growth with the success of our customers. Our business model benefits from our ability to serve the needs of all customers, from individual software developers, security teams, and IT operators to the largest organizations, in a value-oriented manner.

We generate revenue from the sale of subscriptions to customers. We offer subscription tiers for self-managed deployments, where our customers deploy and manage our products across their public cloud, on-premise, private cloud, or hybrid environments, as well as JFrog-managed public cloud deployments, which we refer to as our SaaS subscriptions. Revenue from SaaS subscriptions contributed 34% of our total revenue for the year ended December 31, 2023, compared to 28% for the year ended December 31, 2022.

Our self-managed subscriptions are offered on an annual and multi-year basis, and our SaaS subscriptions are offered on a monthly, annual, and multi-year basis. Revenue from Enterprise Plus subscription represented approximately 46% of our total revenue for the year ended December 31, 2023, compared to approximately 38% for the year ended December 31, 2022. The growth in revenue from our Enterprise Plus subscription demonstrates the increased demand for our end-to-end solutions for customers’ entire software supply chain management.

We have an unwavering commitment to the software developer, security teams, and IT operator communities, and show this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above. This

55


free access takes the form of free trials and open source software, and helps generate demand for our paid offerings within the software developer, security and IT operator communities.

We generated revenue of $349.9 million and $280.0 million for the years ended December 31, 2023 and 2022, respectively, representing year-over-year growth rate of 25%. We continued to invest in our business and had net loss of $61.3 million and $90.2 million for the years ended December 31, 2023 and 2022, respectively.

Israel-Hamas War

On October 7, 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and conducted a series of terror attacks on civilian and military targets. Following the attack, Israel’s security cabinet declared war against Hamas and a military campaign against these terrorist organizations commenced in parallel with continued rocket and terror attacks from Hamas.

In connection with the Israeli security cabinet’s war declaration against Hamas and possible hostilities with other organizations, several hundred thousand Israeli military reservists were drafted by the Israel Defense Forces to perform immediate military service. Certain of our employees and consultants in Israel have been called and additional employees may be called as the conflict progresses. Such employees may be absent for an extended period of time. Accordingly, we have taken steps to mitigate the effects of the war between Hamas and Israel on our business and results of operations.

Although we are domiciled in Israel, we are a global, cloud-based company, with operations spanning numerous countries with redundant infrastructure and code located outside of Israel. We maintain a comprehensive business continuity plan and have taken the necessary steps in line with such plan, in an effort to ensure that our operations and service to our customers remain consistent, in light of certain employees drafted as reservists in the war between Hamas and Israel. Our business continuity plan is structured around three pillars and was activated on October 7, 2023, hours after the attack on Israel. The first pillar is our internal plan focused on the safety of our employees in Israel and maintaining internal communication channels. The second pillar revolves around technology to support continuity of our services, security, cyber defense, and research and development. The third pillar is dedicated to our external-facing activities to promote continuity of customer engagements, support and external communication. As of the date of this Annual Report on Form 10-K, there has been no major interruption or material adverse impact on our operating results. We will continue to monitor the situation as it progresses.

Factors Affecting Our Performance

We believe that our future performance will depend on many factors, including the following:

Extending Our Technology Leadership

We intend to continue to enhance our platform by developing new products and expanding the functionality of existing products to maintain our technology leadership. Today, with JFrog Artifactory at its center, our platform is comprised of additional security solutions and the connected device management solution. We have continued to invest in innovation and introduce new products and capabilities. For instance, in July 2023, we released JFrog Curation, a solution that prevents malicious open source or third-party software packages and their respective dependencies from entering an organization’s software development environment.

We invest heavily in integrating our products with the major package technologies so that our products can be easily adopted in any development environment. We believe that these integrations increase the value of our platform to our customers, as they provide freedom of choice for software developers, security and IT operators and help avoid vendor lock-in. We intend to expend additional resources in the future to continue introducing new products, features, and functionality.

Expanding Usage by Existing Customers

We believe that there is a significant opportunity for growth with many of our existing customers. Many customers purchase our products through self-service channels and often materially expand their usage over time. Increased engagement with our products provides our support and customer success teams opportunities to work directly with customers and introduce them to additional products and features, as well as drive usage of our products across large teams and more broadly across organizations. Furthermore, we see expansion opportunities when customers migrate from self-managed subscriptions to SaaS solutions because customers have generally increased their platform usage levels after migration. We will continue to expand our strategic team to

56


identify new use cases and drive expansion and standardization on JFrog within our largest customers, to maintain engineering-level customer support, and to introduce new products and features that are responsive to our customers’ needs.

We quantify our expansion across existing customers through our net dollar retention rate. Our net dollar retention rate compares our annual recurring revenue (“ARR”) from the same set of customers across comparable periods. We define ARR as the annualized revenue run-rate of subscription agreements from all customers as of the last month of the quarter. The ARR includes monthly subscription customers so long as we generate revenue from these customers. We annualize our monthly subscriptions by taking the revenue we would contractually expect to receive from such customers in a given month and multiplying it by 12. We calculate net dollar retention rate by first identifying customers (the “Base Customers”), which were customers in the last month of a particular quarter (the “Base Quarter”). We then calculate the contracted ARR from these Base Customers in the last month of the same quarter of the subsequent year (the “Comparison Quarter”). This calculation captures upsells, contraction, and attrition since the Base Quarter. We then divide total Comparison Quarter ARR by total Base Quarter ARR for Base Customers. Our net dollar retention rate in a particular quarter is obtained by averaging the result from that particular quarter with the corresponding results from each of the prior three quarters. Our net dollar retention rate may fluctuate as a result of a number of factors, including the level of penetration within our customer base, expansion of products and features, and our ability to retain our customers. As of December 31, 2023 and 2022, our net dollar retention rate was 119% and 128%, respectively. We expect our net dollar retention rate to stabilize around current levels.

We focus on growing the number of large customers as a measure of our ability to scale with our customers and attract larger organizations to adopt our products. As of December 31, 2023, 886 of our customers had ARR of $100,000 or more, increasing from 736 customers as of December 31, 2022. We had 37 customers with ARR of at least $1.0 million as of December 31, 2023, increasing from 19 customers as of December 31, 2022.

Acquiring New Customers

We believe there is a significant opportunity to grow the number of customers that use our platform. As of December 31, 2023, approximately 32% of the Forbes Global 2000 were our customers. Our results of operations and growth prospects will depend in part on our ability to attract new customers. To date, we have primarily relied on our self-service and inbound sales model to attract new customers. Prospective customers can evaluate and adopt our products through our free trials and open source software options. The costs associated with providing these free trials and open source software options are included in sales and marketing. While we believe we have a significant market opportunity that our platform addresses, we will need to continue to invest in customer support, sales and marketing, and research and development in order to address this opportunity.

Additionally, we believe our products address the software release needs of customers worldwide, and we see international expansion as a major opportunity. We have been operating and selling our products in international markets since our inception. While we believe global demand for our products will continue to increase as international market awareness of our brand grows, our ability to conduct our operations internationally will require considerable management attention and resources and is subject to the particular challenges of supporting a rapidly growing business in an environment of multiple languages, cultures, customs, legal and regulatory systems, alternative dispute systems, and commercial markets.

Non-GAAP Financial Measures

In addition to our results determined in accordance with GAAP, we believe that free cash flow, a non-GAAP financial measure, is useful in evaluating the performance of our business.

Free Cash Flow

Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by operating activities less purchases of property and equipment. We believe this is a useful indicator of liquidity that provides information to management and investors about the amount of cash generated from our core operations that, after the purchases of property and equipment, can be used for strategic initiatives, including investing in our business, making strategic acquisitions, and strengthening our balance sheet. Free cash flow has limitations as an analytical tool, and it should not be considered in isolation or as a substitute for analysis of other GAAP financial measures, such as net cash provided by operating activities. Some of the limitations of free cash flow are that this metric does not reflect our future contractual commitments and may be calculated differently by other companies in our industry, limiting its usefulness as a comparative measure. We expect our free cash flow to fluctuate in future periods as we invest in our business to support our plans for growth.

57


The following table summarizes our cash flows for the periods presented and provides a reconciliation of net cash from operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow, a non-GAAP financial measure, for each of the periods presented:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Net cash provided by operating activities

 

$

74,155

 

 

$

21,425

 

 

$

27,902

 

Less: purchases of property and equipment

 

 

(1,982

)

 

 

(4,328

)

 

 

(4,228

)

Free cash flow

 

$

72,173

 

 

$

17,097

 

 

$

23,674

 

Net cash used in investing activities

 

$

(53,476

)

 

$

(53,338

)

 

$

(125,545

)

Net cash provided by financing activities

 

$

18,371

 

 

$

11,027

 

 

$

1,444

 

Components of Results of Operations

Revenue

Our revenues are comprised of revenue from self-managed subscriptions and SaaS subscriptions. Subscriptions to our self-managed software include license, support, and upgrades and updates on a when-and-if-available basis. Our SaaS subscriptions provide access to our latest managed version of our product hosted in a public cloud.

Subscription—Self-Managed and SaaS

Subscription—self-managed and SaaS revenue is generated from the sale of subscriptions for our self-managed software products and revenue from our SaaS subscriptions. For subscriptions to our self-managed software products, revenue is recognized ratably over the subscription term. For our SaaS subscriptions, revenue is recognized based on usage as the usage occurs over the contract period.

License—Self-Managed

The license component of our self-managed subscriptions reflects the revenue recognized by providing customers with access to proprietary software features. License revenue is recognized upfront when the software license is made available to our customer.

Cost of Revenue

Subscription—Self-Managed and SaaS

Cost of subscription—self-managed and SaaS revenue primarily consists of expenses related to providing support to our customers and cloud-related costs, such as hosting and managing costs. These costs primarily consist of personnel-related expenses of our services and customer support personnel, share-based compensation expenses, amortization of acquired intangible assets, public cloud infrastructure costs, depreciation of property and equipment, and allocated overhead. We expect our cost of subscription and SaaS revenue to increase in absolute dollars as our subscription and SaaS revenue increases.

License—Self-Managed

Cost of license self-managed revenue consists of amortization of acquired intangible assets.

Operating Expenses

Research and Development

Research and development costs primarily consist of personnel-related expenses, share-based compensation expenses, associated with our engineering personnel responsible for the design, development, and testing of our products, cost of development environments and tools, and allocated overhead. We expect that our research and development expenses will

58


continue to increase as we increase our research and development headcount to further strengthen and enhance our products and invest in the development of our software.

Sales and Marketing

Sales and marketing expenses primarily consist of personnel-related expenses, share-based compensation expenses, sales commissions primarily associated with our sales and marketing organizations, public cloud infrastructure costs associated with our free trials and open source software options, and costs associated with marketing programs and user events. Marketing programs include advertising, promotional events, and brand-building activities. We plan to increase our investment in sales and marketing over the foreseeable future, as we continue to hire additional personnel and invest in sales and marketing programs.

General and Administrative

General and administrative expenses primarily consist of personnel-related expenses, share-based compensation expenses, associated primarily with our finance, legal, human resources and other operational and administrative functions, professional fees for external legal, accounting and other consulting services, directors and officer’s insurance expenses, and allocated overhead. We expect to increase the size of our general and administrative function to support the growth of our business.

Interest and Other Income, Net

Interest and other income, net primarily consists of income earned on our cash equivalents and short-term investments. Interest and other income, net also includes foreign exchange gains and losses.

Income Tax Expense

Income tax expense (benefit) consists primarily of income taxes related to the U.S. and other foreign jurisdictions in which we conduct business. We maintain a full valuation allowance on certain deferred tax assets in Israel as we have concluded that it is not more likely than not that the deferred tax assets will be realized. Our effective tax rate is affected by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, as well as non-deductible expenses, such as share-based compensation, and changes in our valuation allowance.

Results of Operations

The following tables set forth selected consolidated statements of operations data and such data as a percentage of total revenue for each of the periods indicated:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Revenue:

 

 

 

 

 

 

 

 

 

Subscription—self-managed and SaaS

 

$

330,193

 

 

$

261,452

 

 

$

190,046

 

License—self-managed

 

 

19,693

 

 

 

18,588

 

 

 

16,637

 

Total subscription revenue

 

 

349,886

 

 

 

280,040

 

 

 

206,683

 

Cost of revenue:

 

 

 

 

 

 

 

 

 

Subscription—self-managed and SaaS(1)(2)(3)

 

 

76,244

 

 

 

61,407

 

 

 

41,023

 

License—self-managed(2)

 

 

799

 

 

 

880

 

 

 

800

 

Total cost of revenue—subscription

 

 

77,043

 

 

 

62,287

 

 

 

41,823

 

Gross profit

 

 

272,843

 

 

 

217,753

 

 

 

164,860

 

Operating expenses:

 

 

 

 

 

 

 

 

 

Research and development(1)(3)

 

 

134,584

 

 

 

121,225

 

 

 

79,604

 

Sales and marketing(1)(2)(3)(4)

 

 

150,675

 

 

 

130,812

 

 

 

96,962

 

General and administrative(1)(3)(4)

 

 

63,132

 

 

 

55,556

 

 

 

56,663

 

Total operating expenses

 

 

348,391

 

 

 

307,593

 

 

 

233,229

 

Operating loss

 

 

(75,548

)

 

 

(89,840

)

 

 

(68,369

)

Interest and other income, net

 

 

21,032

 

 

 

5,094

 

 

 

744

 

Loss before income taxes

 

 

(54,516

)

 

 

(84,746

)

 

 

(67,625

)

Income tax expense (benefit)

 

 

6,740

 

 

 

5,438

 

 

 

(3,422

)

Net loss

 

$

(61,256

)

 

$

(90,184

)

 

$

(64,203

)

 

59


_________________________________________

(1) Includes share-based compensation expense as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Cost of revenue: subscription–self-managed and SaaS

 

$

9,784

 

 

$

6,991

 

 

$

4,027

 

Research and development

 

 

32,689

 

 

 

24,664

 

 

 

14,572

 

Sales and marketing

 

 

30,338

 

 

 

22,753

 

 

 

15,256

 

General and administrative

 

 

22,360

 

 

 

14,253

 

 

 

23,094

 

Total share-based compensation expense

 

$

95,171

 

 

$

68,661

 

 

$

56,949

 

(2) Includes amortization expense of acquired intangible assets as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Cost of revenue: subscription–self-managed and SaaS

 

$

9,546

 

 

$

9,543

 

 

$

4,147

 

Cost of revenue: license—self-managed

 

 

799

 

 

 

880

 

 

 

800

 

Sales and marketing

 

 

1,431

 

 

 

1,145

 

 

 

952

 

Total amortization expense of acquired intangible assets

 

$

11,776

 

 

$

11,568

 

 

$

5,899

 

(3) Includes acquisition-related costs as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Cost of revenue: subscription–self-managed and SaaS

 

$

20

 

 

$

25

 

 

$

16

 

Research and development

 

 

7,301

 

 

 

9,610

 

 

 

5,489

 

Sales and marketing

 

 

125

 

 

 

762

 

 

 

463

 

General and administrative

 

 

161

 

 

 

315

 

 

 

1,006

 

Total acquisition-related costs

 

$

7,607

 

 

$

10,712

 

 

$

6,974

 

(4) Includes legal settlement costs as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Sales and marketing

 

$

 

 

$

 

 

$

2,550

 

General and administrative

 

 

 

 

 

216

 

 

 

203

 

Total legal settlement costs

 

$

 

 

$

216

 

 

$

2,753

 

 

60


 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

Revenue:

 

 

 

 

 

 

 

 

 

Subscription—self-managed and SaaS

 

 

94

%

 

 

93

%

 

 

92

%

License—self-managed

 

 

6

 

 

 

7

 

 

 

8

 

Total subscription revenue

 

 

100

 

 

 

100

 

 

 

100

 

Cost of revenue:

 

 

 

 

 

 

 

 

 

Subscription—self-managed and SaaS

 

 

22

 

 

 

22

 

 

 

20

 

License—self-managed

 

 

 

 

 

 

 

 

 

Total cost of revenue—subscription

 

 

22

 

 

 

22

 

 

 

20

 

Gross profit

 

 

78

 

 

 

78

 

 

 

80

 

Operating expenses:

 

 

 

 

 

 

 

 

 

Research and development

 

 

39

 

 

 

43

 

 

 

39

 

Sales and marketing

 

 

43

 

 

 

47

 

 

 

47

 

General and administrative

 

 

18

 

 

 

20

 

 

 

27

 

Total operating expenses

 

 

100

 

 

 

110

 

 

 

113

 

Operating loss

 

 

(22

)

 

 

(32

)

 

 

(33

)

Interest and other income, net

 

 

6

 

 

 

2

 

 

 

 

Loss before income taxes

 

 

(16

)

 

 

(30

)

 

 

(33

)

Income tax expense (benefit)

 

 

2

 

 

 

2

 

 

 

(2

)

Net loss

 

 

(18

)%

 

 

(32

)%

 

 

(31

)%

Comparison of the Years Ended December 31, 2023 and 2022

Revenue

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Subscription—self-managed and SaaS

 

$

330,193

 

 

$

261,452

 

 

$

68,741

 

 

 

26

%

License—self-managed

 

 

19,693

 

 

 

18,588

 

 

 

1,105

 

 

 

6

 

Total subscription revenue

 

$

349,886

 

 

$

280,040

 

 

$

69,846

 

 

 

25

%

The increase in total subscription revenue for the year ended December 31, 2023 compared to the year ended December 31, 2022 consisted of approximately $64.5 million growth from existing customers and the remaining attributable to new customers.

Cost of Revenue and Gross Margin

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Subscription—self-managed and SaaS

 

$

76,244

 

 

$

61,407

 

 

$

14,837

 

 

 

24

%

License—self-managed

 

 

799

 

 

 

880

 

 

 

(81

)

 

 

(9

)

Total cost of revenue—subscription

 

$

77,043

 

 

$

62,287

 

 

$

14,756

 

 

 

24

%

Gross margin

 

 

78

%

 

 

78

%

 

 

 

 

 

 

Total cost of revenue increased for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily attributable to an increase of $9.1 million in third-party hosting costs primarily driven by increased revenue from SaaS subscriptions, an increase of $2.8 million in share-based compensation expense as discussed in the section titled Share-Based Compensation Expense below, and an increase of $1.8 million in personnel-related expenses mainly as a result of increased headcount.

Gross margin remained consistent for the year ended December 31, 2023 compared to the year ended December 31, 2022.

61


Operating Expenses

Research and Development

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Research and development

 

$

134,584

 

 

$

121,225

 

 

$

13,359

 

 

 

11

%

Research and development expense increased for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily attributable to an increase of $8.0 million in share-based compensation expense as discussed in the section titled Share-Based Compensation Expense below, an increase of $4.8 million in personnel-related expenses mainly as a result of increased headcount, and an increase of $1.8 million in costs of development environments and tools, partially offset by a decrease of $2.1 million in compensation expense associated with holdback and retention arrangements from our acquisitions in 2021.

Sales and Marketing

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Sales and marketing

 

$

150,675

 

 

$

130,812

 

 

$

19,863

 

 

 

15

%

Sales and marketing expense increased for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily attributable to an increase of $7.6 million in share-based compensation expense as discussed in the section titled Share-Based Compensation Expense below, an increase of $5.9 million in personnel-related expenses mainly as a result of increased headcount, and an increase of $5.6 million in commissions mainly from amortization of deferred contract acquisition costs.

General and Administrative

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

General and administrative

 

$

63,132

 

 

$

55,556

 

 

$

7,576

 

 

 

14

%

General and administrative expense increased for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily attributable to an increase of $8.1 million in share-based compensation expense as discussed in the section titled Share-Based Compensation Expense below and an increase of $1.6 million in personnel-related expenses mainly as a result of increased headcount, partially offset by a decrease of $1.9 million in professional fees for recruiting, accounting and other services.

Share-based Compensation Expense

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Cost of revenue: subscription–self-managed and SaaS

 

$

9,784

 

 

$

6,991

 

 

$

2,793

 

 

 

40

%

Research and development

 

 

32,689

 

 

 

24,664

 

 

 

8,025

 

 

 

33

 

Sales and marketing

 

 

30,338

 

 

 

22,753

 

 

 

7,585

 

 

 

33

 

General and administrative

 

 

22,360

 

 

 

14,253

 

 

 

8,107

 

 

 

57

 

Total share-based compensation expense

 

$

95,171

 

 

$

68,661

 

 

$

26,510

 

 

 

39

%

The increase in share-based compensation expenses for the year ended December 31, 2023 compared to the year ended December 31, 2022 was primarily attributable to grants to new and existing employees.

62


Interest and Other Income, Net

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Interest and other income, net

 

$

21,032

 

 

$

5,094

 

 

$

15,938

 

 

 

313

%

Interest and other income, net increased for the year ended December 31, 2023 compared to the year ended December 31, 2022, primarily due to higher interest income as a result of higher interest rates on our deposits and marketable securities.

Income Tax Expense

 

 

Year Ended December 31,

 

 

 

 

 

 

 

 

 

2023

 

 

2022

 

 

$ Change

 

 

% Change

 

 

 

(in thousands, except percentages)

 

Income tax expense (benefit)

 

$

6,740

 

 

$

5,438

 

 

$

1,302

 

 

 

24

%

Effective income tax rate

 

 

(12

)%

 

 

(6

)%

 

 

 

 

 

 

Our effective tax rate is affected primarily by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, as well as non-deductible expenses, such as share-based compensation, and changes in our valuation allowance. See Note 14, Income Taxes, to the Consolidated Financial Statements for further information on the provision for income taxes.

Liquidity and Capital Resources

Since our inception, we have financed our operations primarily through sales of equity securities and cash generated from operations. Our principal uses of cash in recent periods have been funding our operations, investing in capital expenditures, and business and asset acquisitions.

As of December 31, 2023, our principal sources of liquidity were cash, cash equivalents, and short-term investments of $545.0 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt. We believe our existing cash, cash equivalents, and short-term investments, together with cash provided by operations, will be sufficient to meet our needs for the next 12 months, as well as in the long-term.

Our future capital requirements will depend on many factors including our revenue growth rate, subscription renewal activity, billing frequency, the timing, and extent of spending to support further sales and marketing and research and development efforts, the continuing market acceptance of our products and services, as well as expenses associated with our international expansion, the timing, and extent of additional capital expenditures to invest in existing and new office spaces. We may in the future enter into arrangements to acquire or invest in complementary businesses, services, and technologies, including intellectual property rights. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, results of operations, and financial condition would be materially and adversely affected.

The following table summarizes our cash flows for the periods presented:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

Net cash provided by operating activities

 

$

74,155

 

 

$

21,425

 

Net cash used in investing activities

 

$

(53,476

)

 

$

(53,338

)

Net cash provided by financing activities

 

$

18,371

 

 

$

11,027

 

Operating Activities

Net cash provided by operating activities of $74.2 million for the year ended December 31, 2023 was primarily related to our net loss of $61.3 million, adjusted for non-cash charges of $112.1 million, including share-based compensation expense of $95.2 million and depreciation and amortization of $15.3 million, and changes in our operating assets and liabilities of $23.3 million. The changes in operating assets and liabilities were primarily related to an increase of $38.4 million in deferred revenue and an increase of $10.7 million in accrued expense and other liabilities mainly due to higher accrued compensation and benefits,

63


partially offset by an increase of $14.1 million in accounts receivable, an increase of $7.8 million in net deferred contract acquisition costs, and a decrease of $7.7 million in operating lease liabilities primarily as a result of payments. The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales.

Net cash provided by operating activities of $21.4 million for the year ended December 31, 2022 was primarily related to our net loss of $90.2 million, adjusted for non-cash charges of $94.8 million, including share-based compensation expense of $68.7 million and depreciation and amortization of $14.7 million, and changes in our operating assets and liabilities of $16.8 million. The changes in operating assets and liabilities were primarily related to an increase in deferred revenue of $28.6 million and a decrease in prepaid expenses and other assets of $9.3 million primarily due to the one-time acquisition holdback payments in 2021, partially offset by an increase in accounts receivable of $11.2 million, a decrease of $9.1 million in operating lease liabilities primarily as a result of payments, and an increase of $7.2 million in net deferred contract acquisition costs related to capitalized commissions. The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales.

Investing Activities

Net cash used in investing activities of $53.5 million for the year ended December 31, 2023 consisted primarily of net purchase of short-term investments of $51.5 million.

Net cash used in investing activities of $53.3 million for the year ended December 31, 2022 consisted primarily of net purchase of short-term investments of $48.5 million and capital expenditure of $4.3 million.

Financing Activities

Net cash provided by financing activities of $18.4 million for the year ended December 31, 2023 consisted primarily of proceeds from exercise of share options of $10.0 million and proceeds from employee share purchases under our ESPP of $6.7 million.

Net cash provided by financing activities of $11.0 million for the year ended December 31, 2022 consisted primarily of proceeds from exercise of share options of $5.9 million and proceeds from employee share purchases under our ESPP of $5.2 million.

Contractual Obligations

The following table summarizes our non-cancellable contractual obligations as of December 31, 2023:

 

 

 

 

 

Payments Due by Period

 

 

 

Total

 

 

Short-term

 

 

Long-term

 

 

 

(in thousands)

 

Operating lease obligations

 

$

23,383

 

 

$

8,895

 

 

$

14,488

 

Purchase obligations

 

 

32,687

 

 

 

16,346

 

 

 

16,341

 

Total

 

$

56,070

 

 

$

25,241

 

 

$

30,829

 

The contractual commitment amounts in the table above are associated with agreements that are enforceable and legally binding. Purchase obligations represent our commitments primarily for hosting services, software products and services under contracts of 12 months or longer. Obligations under contracts that we can cancel without a significant penalty are not included in the table above. We believe we will have sufficient liquidity from our operations to fulfill the commitments.

Critical Accounting Estimates

Our consolidated financial statements are prepared in accordance with GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. As events continue to evolve and additional information becomes available, our estimates and assumptions may change materially in future periods. We believe our judgments and estimates associated with the determination of standalone selling price for each performance obligation in revenue recognition and accounting for income taxes, which we discuss further below, could have a material impact on our consolidated financial statements.

64


Please see Notes to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K for a summary of significant accounting policies and the effect on our financial statements.

Revenue Recognition

Revenue is recognized when a customer obtains control of promised goods or services are delivered. The amount of revenue recognized reflects the consideration that we expect to receive in exchange for these goods or services. Our contracts may contain multiple performance obligations, each of which is separately accounted for as a distinct performance obligation. To determine the standalone selling price for each performance obligation, we use observable standalone sales where available. In instances where observable standalone sales are not available, our estimate of the standalone selling price requires judgment. We consider multiple factors including market conditions, pricing strategies, the economic life of the software, and other observable inputs. We may also use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately. The standalone selling price is reassessed periodically or when facts and circumstances change.

Income taxes

We are subject to income taxes in Israel, the U.S., and other foreign jurisdictions. Significant judgment is required in determining the provision for income taxes and income tax assets and liabilities, including evaluating uncertainties in the application of accounting principles and complex tax laws. We recognize and measure benefits for uncertain tax positions using a two-step approach. The first step is to determine whether it is more likely than not that a tax position will be sustained upon examination, including the resolution of any related appeals or litigation based on the technical merits of that position. The second step is to measure a tax position that meets the more-likely-than-not threshold to determine the amount of benefit to be recognized in the financial statements. We evaluate uncertain tax positions on a quarterly basis, based upon a number of factors, including changes in facts or circumstances, changes in tax law, correspondence with tax authorities during the course of audits, and effective settlement of audit issues.

Significant judgment is also required in determining any valuation allowance against deferred tax assets. In assessing whether it is more likely than not that some portion or all of the deferred tax assets will not be realized, we consider all available evidence, including projected future taxable income, tax planning strategies, and past operating results. In the event that we change our determination, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.

Item 7A. Qualitative and Quantitative Disclosure about Market risk

We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business.

Foreign Currency Exchange Risk

Our revenue and expenses are primarily denominated in U.S. dollars. Our functional currency is the U.S. dollar. Substantially all of our sales are denominated in U.S. dollars, and therefore our revenue is not subject to significant foreign currency risk. However, a significant portion of our operating costs in Israel, consisting principally of salaries and related personnel expenses, and operating lease and facility expenses are denominated in NIS. This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Since the beginning of the war between Israel and Hamas, the volatility of NIS against the U.S. dollar has not materially affected the results of our business. We anticipate that a material portion of our expenses will continue to be denominated in NIS.

To reduce the impact of foreign exchange risks associated with forecasted future cash flows and certain existing assets and liabilities and the volatility in our Consolidated Statements of Operations, we have established a hedging program. Foreign currency contracts are generally utilized in this hedging program. Our foreign currency contracts are generally short-term in duration. We do not enter into derivative instruments for trading or speculative purposes. We account for our derivative instruments as either assets or liabilities and carry them at fair value in the Consolidated Balance Sheets. The accounting for changes in the fair value of the derivative depends on the intended use of the derivative and the resulting designation. Our hedging program reduces but does not eliminate the impact of currency exchange rate movements. The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business, after considering our hedging programs, would not have had a material impact on our results of operations for the years ended December 31, 2023, 2022, and 2021, respectively.

65


Our derivatives expose us to credit risk to the extent that the counterparties may be unable to meet the terms of the agreement. We seek to mitigate such risk by limiting our counterparties to major financial institutions and by spreading the risk across a number of major financial institutions. However, failure of one or more of these financial institutions is possible and could result in incurred losses.

As of December 31, 2023, our cash, cash equivalents, restricted cash, and short-term investments were primarily denominated in U.S. dollars. A 10% adverse change in current exchange rates would not have materially affected our cash, cash equivalents, restricted cash, and short-term investment balances as of December 31, 2023.

Interest Rate Risk

As of December 31, 2023, we had cash and cash equivalents of $84.8 million, and short-term investments of $460.2 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt. Our cash, cash equivalents, and short-term investments are held for working capital purposes. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash. We do not enter into investments for trading or speculative purposes. Such interest-earning instruments carry a degree of interest rate risk. Changes in interest rates affect the interest earned on our cash and cash equivalents and marketable securities, and the market value of those securities. A hypothetical 1% increase in interest rates would not have had a material impact on their fair value as of December 31, 2023.

Inflation Risk

We do not believe that inflation has had a material effect on our business, financial condition, or results of operations, other than its impact on the general economy. However, if our costs, in particular labor, sales and marketing, and hosting costs, were to become subject to inflationary pressures, we might not be able to fully offset such higher costs through price increases. Our inability or failure to do so could harm our business, financial condition, and results of operations.

66


Item 8. Financial Statements and Supplementary Data

 

JFROG LTD.

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

 

Page

Reports of Independent Registered Public Accounting Firm (PCAOB ID: 1281)

68

Consolidated Balance Sheets

72

Consolidated Statements of Operations

73

Consolidated Statements of Comprehensive Loss

74

Consolidated Statements of Shareholders’ Equity

75

Consolidated Statements of Cash Flows

76

Notes to Consolidated Financial Statements

77

 

67


 

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Shareholders and Board of Directors of JFrog Ltd.

Opinion on the Financial Statements

We have audited the accompanying consolidated balance sheets of JFrog Ltd. (the Company) as of December 31, 2023 and 2022, the related consolidated statements of operations, comprehensive loss, changes in shareholders’ equity and cash flows for each of the three years in the period ended December 31, 2023, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2023 and 2022, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2023, in conformity with U.S. generally accepted accounting principles.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated February 15, 2024, expressed an unqualified opinion thereon.

Basis for Opinion

These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

Critical Audit Matter

The critical audit matter communicated below is a matter arising from the current period audit of the financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective or complex judgments. The communication of a critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.

 

 

 

Revenue Recognition - Evaluation of SSPs for Self-managed subscription and license performance obligations

Description of the Matter

 

As discussed in Note 3 to the consolidated financial statements, the Company recognized Self-managed subscription revenue and Self-managed license revenue of $210.9 million and $19.7 million, respectively, for the year ended December 31, 2023. In establishing Standalone Selling Price ("SSP") for its Self-managed subscription and Self-managed license performance obligations the Company maximizes the use of observable standalone sales and observable data, where available. In instances where performance obligations do not have observable standalone sales, the Company utilizes available information that may include market conditions, pricing strategies, the economic life of the software, and other observable inputs or uses the expected cost-plus margin approach to estimate the price the Company would charge if the products and services were sold separately. The Company allocates the transaction price of Self-managed transactions to each performance obligation on a relative SSP basis.

68


 

 

We identified the evaluation of SSPs for Self-managed subscription and Self-managed license performance obligations as a critical audit matter. An extensive audit effort as well as a high degree of subjective auditor judgment was required to evaluate the Company's inputs and factors used to estimate the SSPs, including sales prices for bundled arrangements and expected cost plus margin.

 

How We Addressed the Matter in Our Audit

 

The primary procedures we performed to address this critical audit matter included the following: We tested certain internal controls over the Company's revenue process, including controls over the development of SSPs and the relevance and reliability of the underlying data. Our audit procedures also included, among others, (i) testing management’s process for determining the estimate of SSP, including the evaluation of the reasonableness of factors considered by management, such as historical sales, the allocation of expenses, which are driven by the roles and responsibility of each department and appropriate margins (ii) evaluating the methodologies used to develop the SSP for each performance obligation and (iii) evaluating the completeness and accuracy of the data and factors used in managements determination of SSP for each performance obligation.

 

/s/ KOST FORER GABBAY & KASIERER

A Member of Ernst & Young Global

We have served as the Company’s auditor since 2010.

Tel-Aviv, Israel

February 15, 2024

 

69


REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Shareholders and Board of Directors of JFrog Ltd.

Opinion on Internal Control Over Financial Reporting

We have audited JFrog Ltd.'s internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, JFrog Ltd. (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31, 2023, based on the COSO criteria.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of December 31, 2023 and 2022, the related consolidated statements of operations, comprehensive loss, changes in shareholders’ equity and cash flows for each of the three years in the period ended December 31, 2023, and the related notes and our report dated February 15, 2024 expressed an unqualified opinion thereon.

Basis for Opinion

 

The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects.

Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

Definition and Limitations of Internal Control Over Financial Reporting

 

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

 

70


Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

 

/s/ KOST FORER GABBAY & KASIERER

A Member of Ernst & Young Global

Tel-Aviv, Israel

February 15, 2024

71


JFROG LTD.

Consolidated Balance SheetS

(in thousands, except share and per share data)

 

 

 

As of December 31,

 

 

 

2023

 

 

2022

 

Assets

 

 

 

 

 

 

Current assets:

 

 

 

 

 

 

Cash and cash equivalents

 

$

84,765

 

 

$

45,595

 

Short-term investments

 

 

460,245

 

 

 

397,605

 

Accounts receivable, net

 

 

76,437

 

 

 

62,117

 

Deferred contract acquisition costs

 

 

11,378

 

 

 

8,102

 

Prepaid expenses and other current assets

 

 

12,976

 

 

 

18,603

 

Total current assets

 

 

645,801

 

 

 

532,022

 

Property and equipment, net

 

 

6,663

 

 

 

8,021

 

Deferred contract acquisition costs, noncurrent

 

 

18,032

 

 

 

13,501

 

Operating lease right-of-use assets

 

 

22,427

 

 

 

24,602

 

Intangible assets, net

 

 

25,768

 

 

 

37,544

 

Goodwill

 

 

247,955

 

 

 

247,955

 

Other assets, noncurrent

 

 

5,910

 

 

 

7,576

 

Total assets

 

$

972,556

 

 

$

871,221

 

Liabilities and Shareholders’ Equity

 

 

 

 

 

 

Current liabilities:

 

 

 

 

 

 

Accounts payable

 

$

16,970

 

 

$

14,867

 

Accrued expenses and other current liabilities

 

 

35,815

 

 

 

28,848

 

Operating lease liabilities

 

 

8,272

 

 

 

7,132

 

Deferred revenue

 

 

201,118

 

 

 

158,725

 

Total current liabilities

 

 

262,175

 

 

 

209,572

 

Deferred revenue, noncurrent

 

 

12,987

 

 

 

16,990

 

Operating lease liabilities, noncurrent

 

 

13,954

 

 

 

16,829

 

Other liabilities, noncurrent

 

 

4,317

 

 

 

3,057

 

Total liabilities

 

 

293,433

 

 

 

246,448

 

Commitments and contingencies (Note 11)

 

 

 

 

 

 

Shareholders’ equity:

 

 

 

 

 

 

Preferred shares, NIS 0.01 par value per share; 50,000,000 shares authorized; 0 issued and outstanding as of December 31, 2023 and December 31, 2022

 

 

 

 

 

 

Ordinary shares, NIS 0.01 par value per share, 500,000,000 shares authorized; and 106,114,892 and 100,907,857 shares issued and outstanding as of December 31, 2023 and December 31, 2022, respectively

 

 

297

 

 

 

283

 

Additional paid-in capital

 

 

968,245

 

 

 

856,438

 

Accumulated other comprehensive income (loss)

 

 

1,013

 

 

 

(2,772

)

Accumulated deficit

 

 

(290,432

)

 

 

(229,176

)

Total shareholders’ equity

 

 

679,123

 

 

 

624,773

 

Total liabilities and shareholders’ equity

 

$

972,556

 

 

$

871,221

 

 

The accompanying notes are an integral part of these consolidated financial statements.

72


JFROG LTD.
CONSOLIDATED STATEMENTS OF OPERATIONS

(in thousands, except share and per share data)

 

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

Revenue:

 

 

 

 

 

 

 

 

 

Subscription—self-managed and SaaS

 

$

330,193

 

 

$

261,452

 

 

$

190,046

 

License—self-managed

 

 

19,693

 

 

 

18,588

 

 

 

16,637

 

Total subscription revenue

 

 

349,886

 

 

 

280,040

 

 

 

206,683

 

Cost of revenue:

 

 

 

 

 

 

 

 

 

Subscription—self-managed and SaaS

 

 

76,244

 

 

 

61,407

 

 

 

41,023

 

License—self-managed

 

 

799

 

 

 

880

 

 

 

800

 

Total cost of revenue—subscription

 

 

77,043

 

 

 

62,287

 

 

 

41,823

 

Gross profit

 

 

272,843

 

 

 

217,753

 

 

 

164,860

 

Operating expenses:

 

 

 

 

 

 

 

 

 

Research and development

 

 

134,584

 

 

 

121,225

 

 

 

79,604

 

Sales and marketing

 

 

150,675

 

 

 

130,812

 

 

 

96,962

 

General and administrative

 

 

63,132

 

 

 

55,556

 

 

 

56,663

 

Total operating expenses

 

 

348,391

 

 

 

307,593

 

 

 

233,229

 

Operating loss

 

 

(75,548

)

 

 

(89,840

)

 

 

(68,369

)

Interest and other income, net

 

 

21,032

 

 

 

5,094

 

 

 

744

 

Loss before income taxes

 

 

(54,516

)

 

 

(84,746

)

 

 

(67,625

)

Income tax expense (benefit)

 

 

6,740

 

 

 

5,438

 

 

 

(3,422

)

Net loss

 

$

(61,256

)

 

$

(90,184

)

 

$

(64,203

)

 

 

 

 

 

 

 

 

 

 

Net loss per share, basic and diluted

 

$

(0.59

)

 

$

(0.91

)

 

$

(0.68

)

Weighted-average shares used in computing net loss per share, basic and diluted

 

 

103,317,759

 

 

 

99,243,894

 

 

 

94,783,082

 

 

The accompanying notes are an integral part of these consolidated financial statements.

73


JFROG LTD.

CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS

(in thousands)

 

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

 

 

 

 

 

 

 

 

Net loss

 

$

(61,256

)

 

$

(90,184

)

 

$

(64,203

)

Other comprehensive income, net of tax:

 

 

 

 

 

 

 

 

 

Net change in unrealized gains (losses) on available-for-sale marketable securities, net of tax

 

 

1,570

 

 

 

(1,430

)

 

 

(195

)

Net change in unrealized gains (losses) on derivative instruments, net of tax

 

 

2,215

 

 

 

(1,953

)

 

 

434

 

Other comprehensive income (loss), net of tax

 

 

3,785

 

 

 

(3,383

)

 

 

239

 

Comprehensive loss

 

$

(57,471

)

 

$

(93,567

)

 

$

(63,964

)

 

The accompanying notes are an integral part of these consolidated financial statements.

74


JFROG LTD.

CONSOLIDATED STATEMENTS OF SHAREHOLDERS’ EQUITY

(in thousands, except share data)

 

 

 

Ordinary Shares

 

 

Additional
Paid-in

 

 

Accumulated
Other
Comprehensive

 

 

Accumulated

 

 

Total
Shareholders’

 

 

 

Shares

 

 

Amount

 

 

Capital

 

 

Income (Loss)

 

 

Deficit

 

 

Equity

 

Balance as of December 31, 2020

 

 

92,112,447

 

 

$

257

 

 

$

628,054

 

 

$

372

 

 

$

(74,789

)

 

$

553,894

 

Issuance of ordinary shares upon exercise of share options

 

 

2,538,063

 

 

 

7

 

 

 

6,830

 

 

 

 

 

 

 

 

 

6,837

 

Issuance of ordinary shares upon release of restricted share units

 

 

643,980

 

 

 

2

 

 

 

(2

)

 

 

 

 

 

 

 

 

 

Issuance of ordinary shares under the employee share purchase plan

 

 

94,638

 

 

 

 

 

 

3,092

 

 

 

 

 

 

 

 

 

3,092

 

Issuance of ordinary shares related to business combination

 

 

1,922,912

 

 

 

6

 

 

 

81,767

 

 

 

 

 

 

 

 

 

81,773

 

Share-based compensation expense

 

 

 

 

 

 

 

 

56,949

 

 

 

 

 

 

 

 

 

56,949

 

Other comprehensive income, net of tax

 

 

 

 

 

 

 

 

 

 

 

239

 

 

 

 

 

 

239

 

Net loss

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(64,203

)

 

 

(64,203

)

Balance as of December 31, 2021

 

 

97,312,040

 

 

 

272

 

 

 

776,690

 

 

 

611

 

 

 

(138,992

)

 

 

638,581

 

Issuance of ordinary shares upon exercise of share options

 

 

2,142,019

 

 

 

6

 

 

 

5,916

 

 

 

 

 

 

 

 

 

5,922

 

Issuance of ordinary shares upon release of restricted share units

 

 

1,088,655

 

 

 

4

 

 

 

(4

)

 

 

 

 

 

 

 

 

 

Issuance of ordinary shares under the employee share purchase plan

 

 

261,494

 

 

 

1

 

 

 

5,175

 

 

 

 

 

 

 

 

 

5,176

 

Issuance of ordinary shares related to business combination

 

 

103,649

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Share-based compensation expense

 

 

 

 

 

 

 

 

68,661

 

 

 

 

 

 

 

 

 

68,661

 

Other comprehensive loss, net of tax

 

 

 

 

 

 

 

 

 

 

 

(3,383

)

 

 

 

 

 

(3,383

)

Net loss

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(90,184

)

 

 

(90,184

)

Balance as of December 31, 2022

 

 

100,907,857

 

 

 

283

 

 

 

856,438

 

 

 

(2,772

)

 

 

(229,176

)

 

 

624,773

 

Issuance of ordinary shares upon exercise of share options

 

 

1,899,722

 

 

 

5

 

 

 

9,980

 

 

 

 

 

 

 

 

 

9,985

 

Issuance of ordinary shares upon release of restricted share units

 

 

2,882,729

 

 

 

8

 

 

 

(8

)

 

 

 

 

 

 

 

 

 

Issuance of ordinary shares under the employee share purchase plan

 

 

369,118

 

 

 

1

 

 

 

6,664

 

 

 

 

 

 

 

 

 

6,665

 

Issuance of ordinary shares related to business combination

 

 

55,466

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Share-based compensation expense

 

 

 

 

 

 

 

 

95,171

 

 

 

 

 

 

 

 

 

95,171

 

Other comprehensive income, net of tax

 

 

 

 

 

 

 

 

 

 

 

3,785

 

 

 

 

 

 

3,785

 

Net loss

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(61,256

)

 

 

(61,256

)

Balance as of December 31, 2023

 

 

106,114,892

 

 

$

297

 

 

$

968,245

 

 

$

1,013

 

 

$

(290,432

)

 

$

679,123

 

 

The accompanying notes are an integral part of these consolidated financial statements.

75


JFROG LTD.

Consolidated StatementS of Cash Flows

(in thousands)

 

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

Cash flows from operating activities:

 

 

 

 

 

 

 

 

 

Net loss

 

$

(61,256

)

 

$

(90,184

)

 

$

(64,203

)

Adjustments to reconcile net loss to net cash provided by operating activities:

 

 

 

 

 

 

 

 

 

Depreciation and amortization

 

 

15,303

 

 

 

14,655

 

 

 

8,746

 

Share-based compensation expense

 

 

95,171

 

 

 

68,661

 

 

 

56,949

 

Non-cash operating lease expense

 

 

8,457

 

 

 

7,357

 

 

 

6,108

 

Net amortization of premium or discount on investments

 

 

(6,405

)

 

 

2,354

 

 

 

5,522

 

Losses (gains) on foreign exchange

 

 

(421

)

 

 

1,799

 

 

 

 

Changes in operating assets and liabilities, net of business combinations:

 

 

 

 

 

 

 

 

 

Accounts receivable

 

 

(14,109

)

 

 

(11,186

)

 

 

(12,810

)

Prepaid expenses and other assets

 

 

2,162

 

 

 

9,286

 

 

 

(17,715

)

Deferred contract acquisition costs

 

 

(7,807

)

 

 

(7,212

)

 

 

(6,195

)

Accounts payable

 

 

1,705

 

 

 

4,102

 

 

 

504

 

Accrued expenses and other liabilities

 

 

10,681

 

 

 

2,242

 

 

 

13,089

 

Operating lease liabilities

 

 

(7,716

)

 

 

(9,058

)

 

 

(5,051

)

Deferred revenue

 

 

38,390

 

 

 

28,609

 

 

 

42,958

 

Net cash provided by operating activities

 

 

74,155

 

 

 

21,425

 

 

 

27,902

 

Cash flows from investing activities:

 

 

 

 

 

 

 

 

 

Purchases of short-term investments

 

 

(392,406

)

 

 

(411,242

)

 

 

(266,319

)

Maturities and sales of short-term investments

 

 

340,912

 

 

 

362,711

 

 

 

341,354

 

Purchases of property and equipment

 

 

(1,982

)

 

 

(4,328

)

 

 

(4,228

)

Payments for business combinations, net of cash acquired

 

 

 

 

 

(179

)

 

 

(195,752

)

Purchases of intangible asset

 

 

 

 

 

(300

)

 

 

(600

)

Net cash used in investing activities

 

 

(53,476

)

 

 

(53,338

)

 

 

(125,545

)

Cash flows from financing activities:

 

 

 

 

 

 

 

 

 

Proceeds from exercise of share options

 

 

9,985

 

 

 

5,922

 

 

 

6,837

 

Proceeds from employee share purchase plan

 

 

6,665

 

 

 

5,176

 

 

 

3,092

 

Proceeds from employee equity transactions, net of payments to tax authorities

 

 

1,721

 

 

 

(71

)

 

 

(8,485

)

Net cash provided by financing activities

 

 

18,371

 

 

 

11,027

 

 

 

1,444

 

Effect of exchange rate changes on cash, cash equivalents and restricted cash

 

 

120

 

 

 

(2,047

)

 

 

 

Net increase (decrease) in cash, cash equivalents, and restricted cash

 

 

39,170

 

 

 

(22,933

)

 

 

(96,199

)

Cash, cash equivalents, and restricted cash—beginning of period

 

 

45,607

 

 

 

68,540

 

 

 

164,739

 

Cash, cash equivalents, and restricted cash—end of period

 

$

84,777

 

 

$

45,607

 

 

$

68,540

 

Supplemental disclosure of cash flow information:

 

 

 

 

 

 

 

 

 

Income tax payments (refunds)

 

$

4,998

 

 

$

(1,709

)

 

$

153

 

Supplemental disclosure of noncash investing and financing activities:

 

 

 

 

 

 

 

 

 

Purchase of property and equipment during the period included in accounts payable

 

$

187

 

 

$

91

 

 

$

509

 

Reconciliation of cash, cash equivalents, and restricted cash within the Consolidated Balance Sheets to the amounts shown in the Consolidated Statements of Cash Flows above:

 

 

 

 

 

 

 

 

 

Cash and cash equivalents

 

$

84,765

 

 

$

45,595

 

 

$

68,284

 

Restricted cash included in prepaid expenses and other current assets

 

 

12

 

 

 

12

 

 

 

13

 

Restricted cash included in other assets, noncurrent

 

 

 

 

 

 

 

 

243

 

Total cash, cash equivalents, and restricted cash

 

$

84,777

 

 

$

45,607

 

 

$

68,540

 

 

The accompanying notes are an integral part of these consolidated financial statements.

76


JFrog Ltd.

Notes to Consolidated Financial Statements

1. Organization and Description of Business

JFrog Ltd. (together with its subsidiaries, “JFrog”, or the “Company”) was incorporated under the laws of the State of Israel in 2008. JFrog provides an end-to-end, hybrid, universal Software Supply Chain Platform that enables organizations to continuously and securely create and deliver software updates across any system. This platform is the critical bridge between software development and deployment of that software, paving the way for modern software supply chain management and software release processes. The Company enables organizations to build and release software faster and more securely while empowering developers, security teams and Machine Learning Operations teams to be more efficient. The Company’s solutions are designed to run on-premise, in public or private clouds, or in hybrid environments.

2. Summary of Significant Accounting Policies

Basis of Presentation

The accompanying consolidated financial statements have been prepared in accordance with accounting principles generally accepted in the United States of America (“GAAP”) and include the accounts of JFrog Ltd. and its wholly owned subsidiaries. All intercompany balances and transactions have been eliminated in consolidation.

Use of Estimates

The preparation of consolidated financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenue and expenses during the reporting periods and accompanying notes. Significant items subject to such estimates and assumptions include, but are not limited to, the allocation of transaction price among various performance obligations, the estimated benefit period of deferred contract acquisition costs, the allowance for credit losses, the fair value of acquired intangible assets and goodwill, the useful lives of acquired intangible assets and property and equipment, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets and uncertain tax positions. The Company bases these estimates on historical and anticipated results, trends and various other assumptions that it believes are reasonable under the circumstances, including assumptions as to future events. Actual results could differ from those estimates.

Foreign Currency

The functional currency of the Company is the U.S. dollar. Accordingly, foreign currency assets and liabilities are remeasured into U.S. dollars at the end-of-period exchange rates except for non-monetary assets and liabilities, which are measured at historical exchange rates. Revenue and expenses are remeasured each day at the exchange rate in effect on the day the transaction occurred. Gains or losses from foreign currency re-measurement and settlements are included in interest and other income, net in the Consolidated Statement of Operations.

Concentration of Risks

Financial instruments that potentially subject the Company to a concentration of credit risk consist of cash and cash equivalents, restricted cash, short-term investments, accounts receivable, and derivative instruments. The Company maintains its cash, cash equivalents, restricted cash, and short-term investments with high-quality financial institutions mainly in the U.S. and Israel, and regularly monitors their composition and maturities. The Company’s derivatives expose it to credit risk to the extent that the counterparties may be unable to meet the terms of the agreement. The Company seeks to mitigate such risk by limiting its counterparties to major financial institutions and by spreading the risk across a number of major financial institutions. In addition, the potential risk of loss with any one counterparty resulting from this type of credit risk is monitored on an ongoing basis. The Company grants credit to its customers in the normal course of business.

As of December 31, 2023 and 2022, no single customer represented 10% or more of accounts receivable. No single customer accounted for more than 10% of total revenue for the periods presented.

77


Cash, Cash Equivalents, and Restricted Cash

Cash and cash equivalents consist of cash in banks and highly liquid investments with an original maturity of three months or less at the date of purchase. The Company maintains certain cash amounts restricted as to its withdrawal or use. The Company’s restricted cash primarily consists of bank deposits collateralizing the Company’s credit cards and operating leases.

Short-Term Investments

Short-term investments consist of bank deposits and marketable securities. Bank deposits are time deposits with an original maturity of more than three months but less than one year from the date of investment. Bank deposits are presented at cost with accrued interest.

Marketable securities consist of fixed-income debt securities with maturity of greater than three months at the date of purchase. The Company classifies its marketable securities as available-for-sale at the time of purchase and reevaluates such classification at each balance sheet date. The Company may sell these securities at any time for use in current operations even if they have not yet reached maturity. As a result, the Company classifies its marketable securities, including those with maturities beyond 12 months, as current assets in the Consolidated Balance Sheets. The Company carries these securities at fair value and records unrealized gains and losses, net of taxes, in accumulated other comprehensive income (“AOCI”) as a component of shareholders’ equity (deficit), except for changes in allowance for expected credit losses, which is recorded in interest and other income, net. Gains and losses are determined using the specific identification method and recognized when realized in the Consolidated Statements of Operations.

The Company periodically evaluates its available-for-sale debt securities for impairment. If the amortized cost of an individual security exceeds its fair value, the Company considers its intent to sell the security or whether it is more likely than not that it will be required to sell the security before recovery of its amortized basis. If either of these criteria are met, the Company writes down the security to its fair value and records the impairment charge in interest and other income, net in the Consolidated Statements of Operations. If neither of these criteria are met, the Company determines whether credit loss exists. Credit loss is estimated by considering changes to the rating of the security by a rating agency, any adverse conditions specifically related to the security, as well as other factors.

Fair Value Measurements

Fair value is defined as the exchange price that would be received from the sale of an asset or paid to transfer a liability in the principal or most advantageous market for the asset or liability in an orderly transaction between market participants on the measurement date. The Company measures financial assets and liabilities at fair value at each reporting period using a fair value hierarchy which requires the Company to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value. A financial instrument’s classification within the fair value hierarchy is based upon the lowest level of input that is significant to the fair value measurement. Three levels of inputs may be used to measure fair value:

Level 1 – Quoted prices in active markets for identical assets or liabilities.

Level 2 – Inputs other than Level 1 that are observable, either directly or indirectly, such as quoted prices for similar assets or liabilities; quoted prices in markets that are not active; or other inputs that are observable or can be corroborated by observable market data for substantially the full term of the assets or liabilities.

Level 3 – Unobservable inputs that are supported by little or no market activity and that are significant to the fair value of the assets or liabilities.

Financial instruments consist of cash equivalents, restricted cash, short-term investments, accounts receivables, derivative financial instruments, accounts payables, and accrued liabilities. Cash equivalents, marketable securities, derivative financial instruments, and restricted cash are stated at fair value on a recurring basis. Bank deposits, accounts receivable, accounts payable, and accrued liabilities are stated at their carrying value, which approximates fair value due to the short time to the expected receipt or payment date.

78


Accounts Receivable, Net

Accounts receivable are recorded at the invoiced amount and amounts for which revenue has been recognized but not invoiced, net of allowance for credit losses. The allowance for credit losses is based on the Company’s assessment of the collectability of accounts. The Company regularly assessed collectability based on a combination of factors, including an assessment of the current customer’s aging balance, the nature and size of the customer, the financial condition of the customer, and the amount of any receivables in dispute. Accounts receivable deemed uncollectible are charged against the allowance for credit losses when identified. The allowance of credit losses was not material for the periods presented.

Derivative Financial Instruments

The Company enters into foreign currency forward and option contracts with financial institutions to protect against foreign exchange risks, mainly the exposure to changes in the exchange rate of the New Israeli Shekel (“NIS”) against the U.S. dollar that are associated with forecasted future cash flows and certain existing assets and liabilities for up to twelve months. The Company’s primary objective in entering into these contracts is to reduce the volatility of earnings and cash flows associated with changes in foreign currency exchange rates. The Company does not use derivative instruments for trading or speculative purposes.

The Company recognizes its derivative instruments as either prepaid expenses and other current assets or accrued expenses and other current liabilities in the Consolidated Balance Sheets and carries them at fair value. The accounting for changes in the fair value of a derivative depends on the intended use of the derivative and the resulting designation. Derivative instruments that hedge the exposure to variability in expected future cash flows are designated as cash flow hedges. Changes in the fair value of these derivatives are recorded in AOCI in the Consolidated Balance Sheets, until the forecasted transaction occurs. Upon occurrence, the Company reclassifies the related gains or losses on the derivative to the same financial statement line item in the Consolidated Statements of Operations to which the derivative relates. In case the Company discontinues cash flow hedges, it records the related amount in interest and other income, net, on the Consolidated Statements of Operations. Derivative instruments that hedge the exposure to variability in the fair value of assets or liabilities are currently not designated as hedges for financial reporting purposes. The Company records changes in the fair value of these derivatives in interest and other income, net in the Consolidated Statements of Operations. The cash flows from the derivative instruments are recorded in operating activities in the Consolidated Statements of Cash Flows.

Contract Balances

Contract assets consist of unbilled accounts receivable, which occur when a right to consideration for the Company’s performance under the customer contract occurs before invoicing to the customer. The amount of unbilled accounts receivable included within accounts receivable, net on the Consolidated Balance Sheets was immaterial for the periods presented.

Contract liabilities consist of deferred revenue. Revenue is deferred when the Company invoices in advance of performance under a contract. The current portion of the deferred revenue balance is recognized as revenue during the 12-month period after the balance sheet date. The noncurrent portion of the deferred revenue balance is recognized as revenue following the 12-month period after the balance sheet date.

Cost to Obtain a Contract

The Company capitalizes sales commissions and associated payroll taxes paid to sales personnel and commissions paid to channel partners that are incremental to the acquisition of customer contracts. These costs are recorded as deferred contract acquisition costs on the Consolidated Balance Sheets. The Company determines whether costs should be deferred based on its sales compensation plans and channel partner programs and if the commissions are incremental and would not have occurred absent the customer contract.

Sales commissions for the renewal of a contract are not considered commensurate with the sales commissions paid for the acquisition of the initial contract given a substantive difference in commission rates in proportion to their respective contract values, and thus are amortized over the contractual term of the renewals. Sales commissions paid upon the initial acquisition of a customer contract are amortized over an estimated period of benefit of four years, determined by taking into consideration the estimated customer life and the technological life of the Company’s software and other factors. Amortization of sales commissions are consistent with the pattern of revenue recognition of each performance obligation and are included primarily in sales and marketing expense in the Consolidated Statements of Operations.

79


The Company expenses costs to obtain a contract with a customer as incurred when the amortization period would have been one year or less.

The Company periodically reviews these deferred contract acquisition costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit. There were no impairment losses recorded during the periods presented.

Property and Equipment, Net

Property and equipment are stated at cost net of accumulated depreciation. Depreciation is calculated using the straight-line method over the estimated useful lives of the respective assets. Expenditures for maintenance and repairs are expensed as incurred.

The estimated useful lives of the Company’s property and equipment are as follows:

Computer and software

 

3 years

Furniture and office equipment

 

3 - 7 years

Leasehold improvements

 

Shorter of remaining lease term or estimated useful life

 

Capitalized Software Costs

Software development costs for software to be sold, leased, or otherwise marketed are expensed as incurred until the establishment of technological feasibility, at which time those costs are capitalized until the product is available for general release to customers and amortized over the estimated life of the product. Technological feasibility is established when all planning, designing, coding and testing necessary to meet the product’s design specifications have been completed. Maintenance costs are expensed as incurred. The amount of qualifying costs for capitalization incurred was immaterial for the periods presented because the general release process for most of the Company’s products is essentially completed concurrently with the establishment of technological feasibility.

Costs related to software acquired, developed, or modified solely to meet the Company’s internal requirements, with no substantive plans to market such software at the time of development are capitalized. Costs incurred during the preliminary planning and evaluation stage of the project and during the post implementation operational stage are expensed as incurred. Costs incurred during the application development stage of the project are capitalized. Maintenance costs are expensed as incurred. The amount of qualifying costs for capitalization incurred was immaterial for the periods presented.

Leases

The Company determines if an arrangement is a lease at inception. The Company currently does not have any finance leases.

Operating lease right-of-use (“ROU”) assets and liabilities are recognized at the present value of the future lease payments at the lease commencement date. The Company combines its lease payments and fixed payments for non-lease components and account for them together as a single lease component. Operating lease ROU assets also include any prepaid lease payments. Certain lease agreements include rental payments adjusted periodically for the consumer price index (“CPI”). The ROU and lease liability were calculated using the initial CPI and will not be subsequently adjusted. Payments for variable lease costs are expensed as incurred and not included in the operating lease ROU assets and liabilities. For short-term leases with a term of 12 months or less, operating lease ROU assets and liabilities are not recognized and the Company records lease payments in the Consolidated Statements of Operations on a straight-line basis over the lease term.

The interest rate used to determine the present value of the future lease payments is the Company’s incremental borrowing rate, because the interest rate implicit in the Company’s leases is not readily determinable. The Company’s incremental borrowing rate is estimated to approximate the interest rate on a collateralized basis with similar terms and payments, and in economic environments where the leased asset is located. Many of the Company’s lease agreements provide one or more options to renew. When determining lease terms, the Company uses the non-cancellable period of the leases and do not assume renewals unless it is reasonably certain that the Company will exercise that option. Operating lease expense is recognized on a straight-line basis over the lease term.

80


Business and Asset Acquisitions

When the Company acquires a business, the purchase price is allocated to the tangible and identifiable intangible assets, net of liabilities assumed. Any residual purchase price is recorded as goodwill. The allocation of the purchase price requires management to make significant estimates in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets. These estimates can include, but are not limited to, the cash flows that an asset is expected to generate in the future, the appropriate weighted-average cost of capital and the cost savings expected to be derived from acquiring an asset. These estimates are inherently uncertain and unpredictable. During the measurement period, which may be up to one year from the acquisition date, adjustments to the fair value of these tangible and intangible assets acquired and liabilities assumed may be recorded, with the corresponding offset to goodwill. Upon the conclusion of the measurement period or final determination of the fair value of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are recorded to the Company’s Consolidated Statements of Operations.

The Company accounts for a transaction as an asset acquisition when substantially all of the fair value of the gross assets acquired is concentrated in a single identifiable asset or group of similar identifiable assets, or otherwise does not meet the definition of a business. Asset acquisition-related costs are capitalized as part of the asset or assets acquired.

Goodwill and Intangible Assets

Goodwill is not amortized but rather tested for impairment at least annually in the fourth quarter, or more frequently if events or changes in circumstances indicate that goodwill may be impaired. Goodwill represents the excess of the purchase price over the fair value of net assets acquired in a business combination and is allocated to reporting units expected to benefit from the business combination. The Company has determined that it has one operating segment and one reporting unit. Goodwill impairment is recognized when the quantitative assessment results in the carrying value exceeding the fair value, in which case an impairment charge is recorded to the extent the carrying value exceeds the fair value. There were no impairment charges to goodwill during the periods presented.

Intangible assets are amortized on a straight-line basis over the estimated useful life of the respective asset. Each period the Company evaluates the estimated remaining useful lives of its intangible assets and whether events or changes in circumstances warrant a revision to the remaining period of amortization.

The estimated useful lives of the Company’s intangible assets are as follows:

Developed technology

 

3 - 6 years

Customer relationships

 

3 - 6 years

Other intangible assets

 

3 years

 

Impairment of Long-Lived Assets

The Company evaluates the recoverability of long-lived assets, including property and equipment and intangible assets for possible impairment whenever events or circumstances indicate that the carrying amount of such assets may not be fully recoverable. Such events and changes may include significant changes in performance relative to expected operating results, significant changes in asset use, significant negative industry or economic trends, and changes in the Company’s business strategy. Recoverability of these assets is measured by a comparison of the carrying amounts to the future undiscounted cash flows the assets are expected to generate. If such review indicates that the carrying amount of long-lived assets is not recoverable, the carrying amount of such assets is reduced to fair value. There were no impairment charges to long-lived assets during the periods presented.

Revenue Recognition

The Company’s revenues are comprised of revenue from self-managed subscriptions and SaaS subscriptions. Subscriptions to the Company’s self-managed software include license, support, and upgrades and updates on a when-and-if-available basis. The Company’s SaaS subscriptions provide access to the Company’s latest managed version of its product hosted in a public cloud. Self-managed subscriptions and SaaS subscriptions are both offered on an annual and multi-year basis, with the exception of certain SaaS subscriptions, which are also offered on a monthly basis. The Company’s annual and multi-year subscriptions are typically invoiced and collected at the beginning of the contract term or in annual installments. The Company’s monthly SaaS subscriptions are typically billed in arrears. For SaaS subscriptions with a minimum usage commitment, the Company typically

81


invoices and collects the commitment amount at the time of entering into the contract, with any usage in excess of the committed contracted amount billed monthly in arrears.

Revenue is recognized when a customer obtains control of promised goods or services are delivered. The amount of revenue recognized reflects the consideration that the Company expects to receive in exchange for these goods or services. To achieve the core principle of this standard, the Company applied the following five steps:

1. Identification of the contract, or contracts, with the customer

The Company determines that it has a contract with a customer when each party’s rights regarding the products or services to be transferred can be identified, the payment terms for the services can be identified, the Company has determined the customer has the ability and intent to pay, and the contract has commercial substance. At contract inception, the Company evaluates whether two or more contracts should be combined and accounted for as a single contract and whether the combined or single contract includes more than one performance obligation.

2. Identification of the performance obligations in the contract

Performance obligations promised in a contract are identified based on the products and services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the products or services either on their own or together with other resources that are readily available from third parties or from the Company, and are distinct in the context of the contract, whereby the transfer of the products and services is separately identifiable from other promises in the contract.

For self-managed subscriptions, the Company’s performance obligations include license for proprietary features of software, support, and upgrades and updates to the software on a when-and-if-available basis. The license provides standalone functionality to the customer and is therefore deemed a distinct performance obligation. Performance obligations related to support as well as upgrades and updates to the software on a when-and-if-available basis generally have a consistent continuous pattern of transfer to a customer during the contract period.

For SaaS subscriptions, the Company provides access to its cloud-hosted software, without providing the customer with the right to take possession of its software, which the Company considers to be a single performance obligation.

3. Determination of the transaction price

The transaction price is determined based on the consideration to which the Company expects to be entitled in exchange for transferring products or delivery of services to the customer. Payment terms and conditions vary by contract type, although terms generally include a requirement to pay within 30 days. In instances where the timing of revenue recognition differs from the timing of invoicing, the Company has determined its contracts generally do not include a significant financing component. The primary purpose of the Company’s invoicing terms is to provide customers with simplified and predictable ways of purchasing its products and services, not to receive financing from its customers or to provide customers with financing. The Company has elected to apply the practical expedient such that it does not evaluate payment terms of one year or less for the existence of a significant financing component. Revenue is recognized net of any taxes collected from customers which are subsequently remitted to governmental entities (for example, sales tax and other indirect taxes). The Company does not offer right of refund in its contracts.

4. Allocation of the transaction price to the performance obligations in the contract

If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation. For contracts that contain multiple performance obligations, the Company allocates the transaction price for each contract to each performance obligation based on the relative standalone selling price (“SSP”) for each performance obligation. The Company uses judgment in determining the SSP for its products and services. The Company typically assesses the SSP for its products and services on a periodic basis or when facts and circumstances change. To determine SSP, the Company maximizes the use of observable standalone sales and observable data, where available. In instances where performance obligations do not have observable standalone sales, the Company utilizes available information that may include market conditions, pricing strategies, the economic life of the software, and other observable inputs or uses the expected cost-plus margin approach to estimate the price the Company would charge if the products and services were sold separately.

82


5. Recognition of the revenue when, or as, a performance obligation is satisfied

Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised product or delivery of service to the customer. Revenue is recognized in an amount that reflects the consideration that the Company expects to receive in exchange for those products or services. For self-managed subscriptions, the revenue related to the license for proprietary features is recognized upfront, when the license is delivered. This revenue is presented in the Company’s Consolidated Statements of Operations as license–self-managed. The revenue related to support, and upgrades and updates, are recognized ratably over the contract period and is included in the Company’s Consolidated Statements of Operations as subscription–self-managed and SaaS. For SaaS subscriptions, revenue is recognized based on usage as the usage occurs over the contract period and is included in the Company’s Consolidated Statements of Operations as subscription–self-managed and SaaS.

Cost of Revenue

Cost of revenue primarily consists of expenses related to providing support to the Company’s customers, cloud-related costs, such as hosting and managing costs, the amortization of acquired intangible assets, and allocated overhead. Overhead is allocated to cost of revenue based on applicable headcount.

Research and Development

Research and development costs include personnel-related expenses associated with the Company’s engineering personnel responsible for the design, development and testing of its products, cost of development environments and tools, and allocated overhead. Research and development costs are expensed as incurred.

Advertising Costs

Advertising costs are expensed as incurred and include direct marketing, events, public relations, sales collateral materials and partner programs. Advertising costs amounted to $10.6 million, $8.6 million, and $5.8 million for the years ended December 31, 2023, 2022, and 2021, respectively, and are included in sales and marketing expense in the Consolidated Statements of Operations.

Share-Based Compensation

Share-based compensation related to share options and share purchase rights granted under the Company’s employee share purchase plan is measured at the grant date based on the fair value of awards, using the Black-Scholes option pricing model. The Black-Scholes option pricing model requires the input of subjective assumptions, including the fair value of the underlying ordinary shares, the expected term of the award, the expected volatility of the price of the Company’s ordinary shares, risk-free interest rates, and the expected dividend yield of ordinary shares. The Company measures the grant date fair value of its restricted share units (“RSU”) based on the closing market price of the ordinary share on the date of grant. For share-based awards with only service-based vesting conditions, the compensation expense is recognized on a straight-line basis over the requisite service period. For performance-based RSUs with market conditions, the Company uses Monte Carlo simulation model to determine the fair value and recognizes expense using the accelerated attribution method over the requisite service period. Forfeitures are accounted for as they occur instead of estimating the number of awards expected to be forfeited.

Loss Contingency

The Company evaluates the likelihood of an unfavorable outcome in legal or regulatory proceedings to which it is a party and records a loss contingency when it is probable that a liability has been incurred and the amount of the loss can be reasonably estimated. These judgments are subjective, based on the status of such legal or regulatory proceedings, the merits of the Company’s defenses and consultation with corporate and external legal counsel. Actual outcomes may differ materially from the Company’s estimates. Legal costs associated with the proceedings are expensed as incurred.

Interest and Other Income, Net

Interest and other income, net primarily consists of income earned on cash equivalents and short-term investments and foreign exchange gains and losses. Interest income was $22.1 million, $5.9 million, and $1.5 million for the years ended December 31, 2023, 2022, and 2021, respectively. Foreign exchange gains (losses) were not material for all periods presented.

83


Income Taxes

The Company is subject to income taxes in Israel, the U.S., and other foreign jurisdictions. These foreign jurisdictions may have different statutory rates than in Israel. Income taxes are accounted in accordance with ASC 740, Income Taxes (“ASC 740”). Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial statements carrying amounts of existing assets and liabilities and their respective tax basis and operating loss and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled. The financial effect of changes in tax laws or rates is accounted for in the period of enactment. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.

The Company recognizes income tax benefits from uncertain tax positions only if it believes that it is more likely than not that the tax position will be sustained upon examination by the taxing authorities based on the technical merits of the position. The tax benefits recognized in the financial statements from such uncertain tax positions are then measured based on the largest benefit that is more likely than not to be realized upon the ultimate settlement. Although the Company believes that it has adequately reserved for its uncertain tax positions (including net interest and penalties), it can provide no assurance that the final tax outcome of these matters will not be materially different. The Company makes adjustments to these reserves when facts and circumstances change, such as the closing of a tax audit or the refinement of an estimate. To the extent that the final tax outcome of these matters is different from the amounts recorded, such differences will affect the income tax expense in the period in which such determination is made.

Net Loss Per Share

The Company calculates basic net loss per share by dividing the net loss by the weighted-average number of ordinary shares outstanding during the period. Diluted net loss per share is computed by giving effect to all potentially dilutive ordinary share equivalents outstanding for the period, including share options and restricted share units.

Segment Information

The Company operates in one operating and reportable segment. Operating segments are defined as components of an enterprise about which separate financial information is evaluated regularly by the chief operating decision maker, who is the Company’s CEO, in deciding how to allocate resources and assessing performance. The Company’s chief operating decision maker allocates resources and assesses performance based upon discrete financial information at the consolidated level.

Revenue by geographical region can be found in Note 3, Revenue Recognition. The following table presents the Company’s long-lived assets by geographic region, which consist of property and equipment, net and operating lease right-of-use assets:

 

 

December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

United States

 

$

8,566

 

 

$

11,569

 

Israel

 

 

15,888

 

 

 

17,887

 

India

 

 

4,054

 

 

 

2,246

 

Rest of world

 

 

582

 

 

 

931

 

Total long-lived assets

 

$

29,090

 

 

$

32,633

 

Recently Issued Accounting Pronouncements

In November 2023, the Financial Accounting Standard Board (“FASB”) issued ASU 2023-07, Segment Reporting (Topic 280), Improvements to Reportable Segment Disclosures, which expands annual and interim disclosure requirements for reportable segments, primarily through enhanced disclosures about significant segment expenses. In addition, it provides new segment disclosure requirements for entities with a single reportable segment. The guidance will be effective for the Company for annual periods beginning January 1, 2024 and for interim periods beginning January 1, 2025. Early adoption is permitted. The Company is currently evaluating the impact on its financial statement disclosures.

In December 2023, the FASB issued ASU 2023-09, Income Taxes (Topic 740), Improvements to Income Tax Disclosures, which requires disaggregated information about the effective tax rate reconciliation as well as information on income taxes paid.

84


The guidance will be effective for the Company for annual periods beginning January 1, 2025, with early adoption permitted. The Company is currently evaluating the impact on its financial statement disclosures.

3. Revenue Recognition

Disaggregation of Revenue

The following table presents revenue by category:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

Amount

 

 

Percentage
of Revenue

 

 

Amount

 

 

Percentage
of Revenue

 

 

Amount

 

 

Percentage
of Revenue

 

 

 

(in thousands, except percentages)

 

Self-managed subscription

 

$

230,560

 

 

 

66

%

 

$

200,390

 

 

 

72

%

 

$

157,035

 

 

 

76

%

Subscription

 

 

210,867

 

 

 

60

 

 

 

181,802

 

 

 

65

 

 

 

140,398

 

 

 

68

 

License

 

 

19,693

 

 

 

6

 

 

 

18,588

 

 

 

7

 

 

 

16,637

 

 

 

8

 

SaaS

 

 

119,326

 

 

 

34

 

 

 

79,650

 

 

 

28

 

 

 

49,648

 

 

 

24

 

Total subscription revenue

 

$

349,886

 

 

 

100

%

 

$

280,040

 

 

 

100

%

 

$

206,683

 

 

 

100

%

 

The following table summarizes revenue by region based on the shipping address of customers:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

Amount

 

 

Percentage
of Revenue

 

 

Amount

 

 

Percentage
of Revenue

 

 

Amount

 

 

Percentage
 of Revenue

 

 

 

(in thousands, except percentages)

 

United States

 

$

215,605

 

 

 

62

%

 

$

176,334

 

 

 

63

%

 

$

129,503

 

 

 

63

%

Israel

 

 

9,332

 

 

 

3

 

 

 

6,893

 

 

 

2

 

 

 

4,543

 

 

 

2

 

Rest of world

 

 

124,949

 

 

 

35

 

 

 

96,813

 

 

 

35

 

 

 

72,637

 

 

 

35

 

Total subscription revenue

 

$

349,886

 

 

 

100

%

 

$

280,040

 

 

 

100

%

 

$

206,683

 

 

 

100

%

 

Contract Balances

Of the $175.7 million, $147.1 million and $102.8 million of deferred revenue recorded as of December 31, 2022, 2021 and 2020, respectively, the Company recognized $158.3 million, $129.1 million and $83.8 million as revenue during the years ended December 31, 2023, 2022, and 2021, respectively.

Remaining Performance Obligation

The Company’s remaining performance obligations are comprised of product and service revenue not yet delivered. As of December 31, 2023, the aggregate amount of the transaction price allocated to remaining performance obligations was $259.8 million, which consists of billed considerations of $214.1 million and unbilled considerations of $45.7 million, that the Company expects to recognize as revenue. As of December 31, 2023, the Company expects to recognize 84% of its remaining performance obligations as revenue over the next 12 months, and the remainder thereafter.

Cost to Obtain a Contract

Amortization of deferred contract acquisition costs was $10.2 million, $7.2 million, and $4.6 million for the years ended December 31, 2023, 2022, and 2021, respectively.

85


4. Short-Term Investments

Short-term investments consist of bank deposits and marketable securities. As of December 31, 2023 and 2022, bank deposits were $81.1 million and $96.0 million, respectively.

Marketable securities consisted of the following:

 

 

December 31, 2023

 

 

 

Amortized
Cost

 

 

Gross
Unrealized
Gains

 

 

Gross
Unrealized
Losses

 

 

Fair Value

 

 

 

(in thousands)

 

Certificates of deposit

 

$

2,455

 

 

$

 

 

$

(21

)

 

$

2,434

 

Commercial paper

 

 

8,927

 

 

 

 

 

 

(6

)

 

 

8,921

 

Corporate debt securities

 

 

162,515

 

 

 

234

 

 

 

(302

)

 

 

162,447

 

Municipal securities

 

 

22,263

 

 

 

9

 

 

 

(36

)

 

 

22,236

 

Government and agency debt

 

 

183,093

 

 

 

252

 

 

 

(250

)

 

 

183,095

 

Total marketable securities

 

$

379,253

 

 

$

495

 

 

$

(615

)

 

$

379,133

 

 

 

 

December 31, 2022

 

 

 

Amortized
Cost

 

 

Gross
Unrealized
Gains

 

 

Gross
Unrealized
Losses

 

 

Fair Value

 

 

 

(in thousands)

 

Certificates of deposit

 

$

2,204

 

 

$

 

 

$

(51

)

 

$

2,153

 

Commercial paper

 

 

38,164

 

 

 

2

 

 

 

(137

)

 

 

38,029

 

Corporate debt securities

 

 

137,191

 

 

 

41

 

 

 

(859

)

 

 

136,373

 

Municipal securities

 

 

38,543

 

 

 

23

 

 

 

(222

)

 

 

38,344

 

Government and agency debt

 

 

87,149

 

 

 

7

 

 

 

(484

)

 

 

86,672

 

Total marketable securities

 

$

303,251

 

 

$

73

 

 

$

(1,753

)

 

$

301,571

 

 

The following table summarizes the Company’s marketable securities by contractual maturities:

 

 

December 31, 2023

 

 

 

(in thousands)

 

Due in 1 year or less

 

$

273,273

 

Due in 1 year through 2 years

 

 

105,860

 

Total

 

$

379,133

 

The following table presents fair value and gross unrealized losses of the Company’s marketable securities that have been in a continuous loss position, aggregated by length of time:

 

 

December 31, 2023

 

 

 

Less Than 12 Months

 

 

12 Months or Greater

 

 

Total

 

 

 

Fair Value

 

 

Gross Unrealized Loss

 

 

Fair Value

 

 

Gross Unrealized Loss

 

 

Fair Value

 

 

Gross Unrealized Loss

 

 

 

(in thousands)

 

Certificates of deposit

 

$

250

 

 

$

 

 

$

2,175

 

 

$

(21

)

 

$

2,425

 

 

$

(21

)

Commercial paper

 

 

8,921

 

 

 

(6

)

 

 

 

 

 

 

 

 

8,921

 

 

 

(6

)

Corporate debt securities

 

 

77,023

 

 

 

(177

)

 

 

25,156

 

 

 

(125

)

 

 

102,179

 

 

 

(302

)

Municipal securities

 

 

7,071

 

 

 

(6

)

 

 

4,215

 

 

 

(30

)

 

 

11,286

 

 

 

(36

)

Government and agency debt

 

 

99,236

 

 

 

(181

)

 

 

8,972

 

 

 

(69

)

 

 

108,208

 

 

 

(250

)

Total

 

$

192,501

 

 

$

(370

)

 

$

40,518

 

 

$

(245

)

 

$

233,019

 

 

$

(615

)

 

86


 

 

December 31, 2022

 

 

 

Less Than 12 Months

 

 

12 Months or Greater

 

 

Total

 

 

 

Fair Value

 

 

Gross Unrealized Loss

 

 

Fair Value

 

 

Gross Unrealized Loss

 

 

Fair Value

 

 

Gross Unrealized Loss

 

 

 

(in thousands)

 

Certificates of deposit

 

$

2,153

 

 

$

(51

)

 

$

 

 

$

 

 

$

2,153

 

 

$

(51

)

Commercial paper

 

 

31,838

 

 

 

(137

)

 

 

 

 

 

 

 

$

31,838

 

 

$

(137

)

Corporate debt securities

 

 

123,540

 

 

 

(859

)

 

 

 

 

 

 

 

$

123,540

 

 

$

(859

)

Municipal securities

 

 

25,336

 

 

 

(222

)

 

 

 

 

 

 

 

$

25,336

 

 

$

(222

)

Government and agency debt

 

 

71,781

 

 

 

(484

)

 

 

 

 

 

 

 

$

71,781

 

 

$

(484

)

Total

 

$

254,648

 

 

$

(1,753

)

 

$

 

 

$

 

 

$

254,648

 

 

$

(1,753

)

As of December 31, 2023 and 2022, the unrealized losses related to marketable securities were determined to be not due to credit related losses. Therefore, the Company did not recognize an allowance for credit losses. See Note 13, Accumulated Other Comprehensive Income (Loss), for the realized gains or losses from available-for-sale marketable securities that were reclassified out of AOCI during the periods presented.

5. Fair Value Measurements

The following table presents information about the Company’s financial instruments that are measured at fair value on a recurring basis:

 

 

December 31, 2023

 

 

 

Fair Value

 

 

Level 1

 

 

Level 2

 

 

 

(in thousands)

 

Financial Assets:

 

 

 

 

 

 

 

 

 

Money market funds

 

$

40,646

 

 

$

40,646

 

 

$

 

Government and agency debt

 

 

5,498

 

 

 

 

 

$

5,498

 

Cash equivalents

 

 

46,144

 

 

 

40,646

 

 

 

5,498

 

Certificates of deposit

 

 

2,434

 

 

 

 

 

 

2,434

 

Commercial paper

 

 

8,921

 

 

 

 

 

 

8,921

 

Corporate debt securities

 

 

162,447

 

 

 

 

 

 

162,447

 

Municipal securities

 

 

22,236

 

 

 

 

 

 

22,236

 

Government and agency debt

 

 

183,095

 

 

 

 

 

 

183,095

 

Marketable securities

 

 

379,133

 

 

 

 

 

 

379,133

 

Foreign currency contracts designated as hedging instruments included in prepaid expenses and other current assets

 

 

1,189

 

 

 

 

 

 

1,189

 

Foreign currency contracts not designated as hedging instruments included in prepaid expenses and other current assets

 

 

235

 

 

 

 

 

 

235

 

Restricted bank deposits included in prepaid expenses and other current assets

 

 

12

 

 

 

 

 

 

12

 

Total financial assets

 

$

426,713

 

 

$

40,646

 

 

$

386,067

 

Financial Liabilities:

 

 

 

 

 

 

 

 

 

Foreign currency contracts designated as hedging instruments included in accrued expenses and other current liabilities

 

$

52

 

 

$

 

 

$

52

 

Foreign currency contracts not designated as hedging instruments included in accrued expenses and other current liabilities

 

 

5

 

 

 

 

 

 

5

 

Total financial liabilities

 

$

57

 

 

$

 

 

$

57

 

 

87


 

 

December 31, 2022

 

 

 

Fair Value

 

 

Level 1

 

 

Level 2

 

 

 

(in thousands)

 

Financial Assets:

 

 

 

 

 

 

 

 

 

Money market funds

 

$

9,562

 

 

$

9,562

 

 

$

 

Cash equivalents

 

 

9,562

 

 

 

9,562

 

 

 

 

Certificates of deposit

 

 

2,153

 

 

 

 

 

 

2,153

 

Commercial paper

 

 

38,029

 

 

 

 

 

 

38,029

 

Corporate debt securities

 

 

136,373

 

 

 

 

 

 

136,373

 

Municipal securities

 

 

38,344

 

 

 

 

 

 

38,344

 

Government and agency debt

 

 

86,672

 

 

 

 

 

 

86,672

 

Marketable securities

 

 

301,571

 

 

 

 

 

 

301,571

 

Foreign currency contracts designated as hedging instruments included in prepaid expenses and other current assets

 

 

20

 

 

 

 

 

 

20

 

Foreign currency contracts not designated as hedging instruments included in prepaid expenses and other current assets

 

 

21

 

 

 

 

 

 

21

 

Restricted bank deposits included in prepaid expenses and other current assets

 

 

12

 

 

 

 

 

 

12

 

Total financial assets

 

$

311,186

 

 

$

9,562

 

 

$

301,624

 

Financial Liabilities:

 

 

 

 

 

 

 

 

 

Foreign currency contracts designated as hedging instruments included in accrued expenses and other current liabilities

 

$

1,098

 

 

$

 

 

$

1,098

 

Foreign currency contracts not designated as hedging instruments included in accrued expenses and other current liabilities

 

 

379

 

 

 

 

 

 

379

 

Total financial liabilities

 

$

1,477

 

 

$

 

 

$

1,477

 

 

As of December 31, 2023 and 2022, the Company did not have any assets or liabilities valued based on Level 3 valuations.

6. Derivative Financial Instruments and Hedging

Notional Amount of Foreign Currency Contracts

The notional amounts of outstanding foreign currency contracts in U.S. dollar as of the periods presented were as follows:

 

 

December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

Derivatives Designated as Hedging Instruments:

 

 

 

 

 

 

Foreign currency contracts

 

$

46,331

 

 

$

42,854

 

Derivatives Not Designated as Hedging Instruments:

 

 

 

 

 

 

Foreign currency contracts

 

 

18,903

 

 

 

17,555

 

Total derivative instruments

 

$

65,234

 

 

$

60,409

 

 

88


 

Effect of Foreign Currency Contracts on the Consolidated Statements of Operations

The gains (losses) on foreign currency contracts were presented on the Consolidated Statements of Operations as follows:

 

 

Derivatives Designated as Hedging Instruments

 

 

Derivatives Not Designated as Hedging Instruments

 

 

 

December 31,

 

 

December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

2023

 

 

2022

 

 

2021

 

Statement of Operations Location:

 

(in thousands)

 

Cost of revenue: subscription–self-managed and SaaS

 

$

(359

)

 

$

(314

)

 

$

74

 

 

$

 

 

$

 

 

$

 

Research and development

 

 

(2,982

)

 

 

(2,660

)

 

 

504

 

 

 

 

 

 

 

 

 

 

Sales and marketing

 

 

(693

)

 

 

(540

)

 

 

120

 

 

 

 

 

 

 

 

 

 

General and administrative

 

 

(798

)

 

 

(650

)

 

 

166

 

 

 

 

 

 

 

 

 

 

Interest and other income, net

 

 

 

 

 

8

 

 

 

8

 

 

 

(593

)

 

 

(527

)

 

 

345

 

Total gains (losses) recognized in earnings

 

$

(4,832

)

 

$

(4,156

)

 

$

872

 

 

$

(593

)

 

$

(527

)

 

$

345

 

 

Effect of Foreign Currency Contracts on Accumulated Other Comprehensive Income

Net unrealized gains (losses) of foreign currency contracts designated as hedging instruments, net of tax, are recorded in AOCI. See Note 13, Accumulated Other Comprehensive Income (Loss), for the effect on other comprehensive income (loss) and the reclassification out of AOCI during the periods presented. All of net deferred losses in AOCI as of December 31, 2023 are expected to be recognized as operating expenses in the same financial statement line item in the Consolidated Statements of Operations to which the derivative relates over the next twelve months.

7. Consolidated Balance Sheet Components

Property and Equipment, Net

Property and equipment, net consisted of the following:

 

 

December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

Computer and software

 

$

9,030

 

 

$

8,330

 

Furniture and office equipment

 

 

3,135

 

 

 

2,802

 

Leasehold improvements

 

 

6,069

 

 

 

5,748

 

Property and equipment, gross

 

 

18,234

 

 

 

16,880

 

Less: accumulated depreciation and amortization

 

 

(11,571

)

 

 

(8,859

)

Property and equipment, net

 

$

6,663

 

 

$

8,021

 

 

Depreciation and amortization expense were $3.5 million, $3.1 million, and $2.8 million for the years ended December 31, 2023, 2022, and 2021, respectively.

Accrued Expenses and Other Current Liabilities

Accrued expenses and other current liabilities consisted of the following:

 

 

December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

Accrued compensation and benefits

 

$

25,166

 

 

$

20,892

 

Accrued expenses

 

 

10,649

 

 

 

7,956

 

Accrued expenses and other current liabilities

 

$

35,815

 

 

$

28,848

 

 

89


8. Business Combinations

Vdoo Connected Trust Ltd.

On July 19, 2021, the Company acquired 100% of the share capital of Vdoo Connected Trust Ltd. (“Vdoo”), a privately-held company in Israel, which provides a product security platform for automating all software security tasks throughout the entire product lifecycle. The acquisition accelerates the Company’s security technology expansion, aiming to deliver a holistic security solution as part of its Platform.

The total purchase consideration transferred for the Vdoo acquisition was $299.5 million, comprised of $217.7 million in cash and $81.8 million for the fair value of 1,823,266 shares of the Company’s ordinary shares issued. In addition to the purchase consideration and pursuant to holdback agreements with certain Vdoo employees, the Company transferred $13.2 million in cash and committed to issue 110,932 shares of the Company’s ordinary shares, which were released to these employees one to two years from the acquisition date, subject to their continued service. The Company also agreed to pay up to a $10.0 million retention bonus to Vdoo continuing employees in three annual installments following the acquisition date. The payouts or vesting of the holdback and the retention considerations are subject to continued employment, and therefore recognized as compensation expense over the requisite service period. In addition, pursuant to the purchase agreement, on July 19, 2021, the Company issued approximately $30.0 million of RSUs to Vdoo employees in accordance with the terms of the Company’s equity incentive plan, which would vest and be expensed over an approximately 4-year service period.

The following table summarizes the fair value of assets acquired and liabilities assumed:

 

 

July 19, 2021

 

 

 

(in thousands)

 

Cash and cash equivalent

 

$

31,240

 

Other current assets

 

 

943

 

Intangible assets

 

 

45,500

 

Goodwill

 

 

224,852

 

Other noncurrent assets

 

 

2,692

 

Total assets acquired

 

 

305,227

 

Current liabilities

 

 

4,272

 

Noncurrent liabilities

 

 

1,501

 

Total liabilities assumed

 

 

5,773

 

Total purchase consideration

 

$

299,454

 

 

Goodwill is primarily attributable to expected synergies arising from technology integration and expanded product availability to the Company’s existing and new customers. Goodwill is not deductible for income tax purpose. The following table presents components of the identified intangible assets acquired and their estimated useful lives as of the date of acquisition:

 

 

Fair Value

 

 

Useful Life

 

 

 

(in thousands)

 

 

(in years)

 

Developed technology

 

$

41,300

 

 

 

5.0

 

Customer relationships

 

 

4,200

 

 

 

6.0

 

Total intangible assets acquired

 

$

45,500

 

 

 

 

 

The results of operations of Vdoo have been included in the consolidated financial statements since the date of the acquisition. Additionally, the Company incurred transaction costs $0.7 million during the year ended December 31, 2021, which were included in general and administrative expenses in the Consolidated Statements of Operations.

The following unaudited pro forma information presents the combined results of operations of the Company and Vdoo as if the acquisition of Vdoo had been completed on January 1, 2020. The unaudited pro forma results include adjustments primarily related to amortization of the acquired intangible assets, recognition of cash and share-based compensation associated with RSU grants, retention and holdback arrangements, as referenced above, as of the earliest period presented.

The unaudited pro forma results do not reflect any cost saving synergies from operating efficiencies or the effect of the incremental costs incurred from integrating Vdoo. Accordingly, these unaudited pro forma results are presented for informational

90


purposes only and are not necessarily indicative of what the actual results of operations of the combined company would have been if the acquisition of Vdoo had occurred at the beginning of 2020.

 

 

Year Ended December 31, 2021

 

 

 

(in thousands)

 

Revenue

 

$

207,824

 

Net loss

 

$

89,939

 

 

Upswift Ltd.

In August 2021, the Company completed the acquisition of Upswift Ltd., a privately-held company providing device management platform for total consideration of $9.5 million, net of cash acquired. Of the purchase consideration, $4.3 million was attributed to identified intangible assets, $5.8 million to goodwill, and $0.6 million to net liabilities assumed.

9. Goodwill and Intangible Assets, Net

Goodwill

The following table represents the changes to goodwill:

 

 

Carrying Amount

 

 

 

(in thousands)

 

Balance as of December 31, 2021

 

$

247,776

 

Purchase price adjustment

 

 

179

 

Balance as of December 31, 2022 and 2023

 

$

247,955

 

 

Intangible Assets, Net

Intangible assets consisted of the following as of December 31, 2023:

 

 

Gross Carrying Amount

 

 

Accumulated
Amortization

 

 

Net Carrying Amount

 

 

Weighted-
Average
Remaining
Useful Life

 

 

 

(in thousands)

 

 

(in years)

 

Developed technology

 

$

50,347

 

 

$

(27,779

)

 

$

22,568

 

 

 

2.3

 

Customer relationships

 

 

5,541

 

 

 

(2,786

)

 

 

2,755

 

 

 

3.1

 

Other intangible assets

 

 

1,132

 

 

 

(687

)

 

 

445

 

 

 

0.9

 

Total

 

$

57,020

 

 

$

(31,252

)

 

$

25,768

 

 

 

 

Intangible assets consisted of the following as of December 31, 2022:

 

 

Gross Carrying Amount

 

 

Accumulated
Amortization

 

 

Net Carrying Amount

 

 

Weighted-
Average
Remaining
Useful Life

 

 

 

(in thousands)

 

 

(in years)

 

Developed technology

 

$

50,347

 

 

$

(17,434

)

 

$

32,913

 

 

 

3.3

 

Customer relationships

 

 

5,541

 

 

 

(1,840

)

 

 

3,701

 

 

 

4.1

 

Other intangible assets

 

 

1,132

 

 

 

(202

)

 

 

930

 

 

 

1.9

 

Total

 

$

57,020

 

 

$

(19,476

)

 

$

37,544

 

 

 

 

 

Amortization expenses for intangible assets were $11.8 million, $11.6 million and $5.9 million for the years ended December 31, 2023, 2022, and 2021, respectively.

91


The expected future amortization expenses by year related to the intangible assets as of December 31, 2023 are as follows:

 

 

December 31, 2023

 

 

 

(in thousands)

 

Year Ending December 31,

 

 

 

2024

 

$

11,034

 

2025

 

 

9,110

 

2026

 

 

5,241

 

2027

 

 

383

 

Total

 

$

25,768

 

 

10. Leases

The Company has entered into non-cancelable lease agreements for its offices with lease periods expiring at various dates through March 2028.

Components of operating lease expense were as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

Operating lease cost

 

$

9,144

 

 

$

7,682

 

Short-term lease cost

 

 

571

 

 

 

527

 

Variable lease cost

 

 

398

 

 

 

377

 

Total operating lease cost

 

$

10,113

 

 

$

8,586

 

 

Supplementary cash flow information related to operating leases was as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

Cash paid for operating leases

 

$

8,453

 

 

$

7,546

 

ROU assets obtained in exchange for new operating lease liabilities

 

$

2,867

 

 

$

3,567

 

Adjustment to ROU assets upon modification of existing lease

 

$

3,415

 

 

$

2,393

 

 

As of December 31, 2023, the weighted-average discount rate is 3.3% and the weighted-average remaining term is 2.9 years. Maturities of the Company’s operating lease liabilities as of December 31, 2023 were as follows:

 

 

 

December 31, 2023

 

 

 

(in thousands)

 

Year Ending December 31,

 

 

 

2024

 

$

8,895

 

2025

 

 

7,988

 

2026

 

 

4,716

 

2027

 

 

1,628

 

2028

 

 

156

 

Total operating lease payments

 

 

23,383

 

Less: imputed interest

 

 

(1,157

)

Total operating lease liabilities

 

$

22,226

 

 

92


 

11. Commitments and Contingencies

Non-cancelable Purchase Obligations

In the normal course of business, the Company enters into non-cancelable purchase commitments with various parties mainly for hosting services, as well as software products and services. As of December 31, 2023, the Company had outstanding non-cancelable purchase obligations with a term of 12 months or longer as follows:

 

 

December 31, 2023

 

 

 

(in thousands)

 

Year Ending December 31,

 

 

 

2024

 

$

16,346

 

2025

 

 

16,233

 

2026

 

 

108

 

Total

 

$

32,687

 

 

Indemnifications and Contingencies

The Company enters into indemnification provisions under certain agreements with other parties in the ordinary course of business. In its customer agreements, the Company has agreed to indemnify, defend and hold harmless the indemnified party for third party claims and related losses suffered or incurred by the indemnified party from actual or threatened third-party intellectual property infringement claims. For certain large or strategic customers, the Company has agreed to indemnify, defend and hold harmless the indemnified party for certain additional matters including but not limited to non-compliance with certain representations and warranties made by the Company.

Grants from Israeli Innovation Authority

The Company has received in the past grants from the Israeli Innovation Authority (“IIA”) and repaid them in full. Still, as any grant recipient, the Company is subject to the provisions of the Israeli Law for the Encouragement of Research, Development and Technological Innovation in the Industry and the regulations and guidelines thereunder (the “Innovation Law”). Pursuant to the Innovation Law, there are restrictions related to transferring intellectual property outside of Israel. Such transfer requires the approval from the IIA. The approval may be subject to a maximum additional payment amount of approximately $6.0 million. In the past, the Company received an approval from the IIA to perform a limited development of IIA funded know-how outside of Israel, subject to the terms specified in the IIA approval, including that all of its core R&D activities will remain in Israel.

Legal Proceedings

The Company may be subject from time to time to various proceedings, lawsuits, disputes, or claims in the ordinary course of business. The Company investigates these claims as they arise. Although claims are inherently unpredictable, the Company is currently not aware of any matters that, if determined adversely to the Company, would individually or taken together, have a material adverse effect on its business, financial position, results of operations, or cash flows.

Former Company sales employees (the “Former Employees”), on behalf of themselves and other non-exempt sales employees, alleged the violation of various wage and hour laws and have sought to recover unpaid wages, statutory penalties, civil penalties, liquidated damages, and attorney’s fees pursuant to certain California and federal laws. The Company denies the allegations. The Company and Former Employees settled the dispute amicably through arbitration for approximately $2.6 million in September 2022. Subsequently, all settlement payments were distributed. The Company had previously accrued a sufficient amount for the estimated settlement in its sales and marketing expenses in the fourth quarter of 2021.

12. Shareholders’ Equity and Equity Incentive Plans

Preferred and Ordinary Shares

The Company’s amended and restated articles of association (“AoA”) authorized the issuance of 50,000,000 preferred shares and 500,000,000 ordinary shares, each with a par value of NIS 0.01. All ordinary shares will have identical voting and other

93


rights in all respects. The Company’s AoA does not require shareholder approval of a dividend distribution and provides that dividend distributions may be determined by the Company’s board of directors. To date, no dividends have been declared.

The Company has the following ordinary shares reserved for future issuance:

 

 

December 31, 2023

 

Outstanding share options

 

 

5,110,390

 

Outstanding RSUs

 

 

10,006,997

 

Shares available for future issuance under the 2020 Plan

 

 

14,214,984

 

Shares available for future issuance under ESPP

 

 

4,281,665

 

Total ordinary shares reserved

 

 

33,614,036

 

 

Equity Incentive Plans

In September 2020, the Company adopted the 2020 Share Incentive Plan (“2020 Plan”), which replaced the 2011 Israeli Share Option Plan (“2011 Plan”). The Company ceased granting awards under the 2011 Plan. The equity awards outstanding under the 2011 Plan continue to be governed by the 2011 Plan. These awards generally vest over five years and expire 10 years after the date of grant.

The 2020 Plan provides for the grant of share options, ordinary shares, restricted shares, restricted share units and other share-based awards. The maximum number of ordinary shares available for issuance under the 2020 Plan is equal to the sum of (i) 9,100,000 ordinary shares plus, (ii) the number of ordinary shares remaining available for issuance under the 2011 Plan as of the date it was replaced, and (iii) the number of ordinary shares that become available under the 2011 Plan as a result of expiration, forfeiture, cancellation, or settlement in cash, with the maximum number of shares to be added to the 2020 Plan pursuant to the 2011 Plan equal to 15,309,367 shares. In addition, the number of shares available for issuance under the Company’s 2020 Plan also includes an annual increase on January 1 of each year beginning on January 1, 2021 and ending on and including January 1, 2030, in an amount equal to the least of (i) 9,100,000 ordinary shares, (ii) five percent (5%) of the total number of ordinary shares outstanding as of the last day of the immediately preceding calendar year on a fully diluted basis, or (iii) such number of shares determined by the Company’s board of directors. The contractual term for each award granted under the 2020 Plan will be 10 years. Effective January 1, 2023, the number of ordinary shares authorized for issuance under the 2020 Plan automatically increased by 5,819,265 shares.

Share Options

A summary of share option activity under the Company’s equity incentive plans and related information is as follows:

 

 

Options Outstanding

 

 

 

Outstanding
Share Options

 

 

Weighted-Average Exercise
Price

 

 

Weighted-Average Remaining
Contractual
Life (Years)

 

 

Aggregate
Intrinsic
Value

 

 

 

(in thousands, except share, life and per share data)

 

Balance as of December 31, 2022

 

 

7,205,324

 

 

$

7.88

 

 

 

5.4

 

 

$

101,334

 

Exercised

 

 

(1,899,722

)

 

$

5.31

 

 

 

 

 

$

38,903

 

Forfeited

 

 

(195,212

)

 

$

17.04

 

 

 

 

 

 

 

Balance as of December 31, 2023

 

 

5,110,390

 

 

$

8.49

 

 

 

4.1

 

 

$

134,171

 

Exercisable as of December 31, 2023

 

 

4,434,819

 

 

$

7.07

 

 

 

3.8

 

 

$

122,537

 

 

The total intrinsic value of option exercised during the years ended December 31, 2022 and 2021 was $44.8 million and $118.7 million, respectively.

94


Restricted Share Units

A summary of RSU activity under the Company's equity incentive plan is as follows, including performance-based RSUs with market condition:

 

 

RSUs

 

 

 

Unvested RSUs

 

 

Weighted-Average
Grant Date Fair
Value Per Share

 

Unvested as of December 31, 2022

 

 

7,981,147

 

 

$

26.90

 

Granted

 

 

6,605,426

 

 

$

25.38

 

Vested

 

 

(2,882,729

)

 

$

27.15

 

Forfeited

 

 

(1,696,847

)

 

$

26.35

 

Unvested as of December 31, 2023

 

 

10,006,997

 

 

$

25.91

 

 

The weighted-average grant date fair value of RSUs granted during the years ended December 31, 2022 and 2021 was $21.40 and $45.97, respectively. The total fair value of RSUs, as of their respective release dates, was $75.2 million, $22.9 million, and $23.4 million during the years ended December 31, 2023, 2022, and 2021, respectively.

Employee Share Purchase Plan

In August 2020, the Company adopted the 2020 Employee Share Purchase Plan (“ESPP”), which became effective in September 2020. A total of 2,100,000 ordinary shares are available for sale under the ESPP. The number of ordinary shares available for sale under the ESPP also includes an annual increase on the first day of each fiscal year beginning with 2021, equal to the least of (i) 2,100,000 ordinary shares, (ii) one percent (1%) of the total number of ordinary shares outstanding as of the last day of the immediately preceding calendar year, or (iii) such other amount as may be determined by the Company’s board of directors.

Eligible employees can contribute up to 15% of their eligible compensation to purchase the Company’s ordinary shares, not to exceed $25,000 of fair market value of the ordinary shares for each calendar year or 1,250 ordinary shares during an offering period. The purchase price of the shares will be 85% of the lower of the fair market value of the Company’s ordinary shares on the first trading day of the offering period or on the exercise date. Participants may end their participation at any time during an offering period and unused contributions will be refunded. Participation ends automatically upon termination of employment with the Company.

The Company’s ESPP provides for consecutive six-month offering periods. The offering periods are scheduled to start on the first trading day on or after March 1 and September 1 of each year, with the first offering period commenced on March 1, 2021.

Effective January 1, 2023, the number of ordinary shares authorized for issuance under the ESPP automatically increased by 1,009,633 shares.

The Black-Scholes assumptions used to value the purchase rights granted under the ESPP on the first day of the offering period are as follows:

 

 

Year Ended December 31,

 

 

2023

 

2022

 

2021

Expected term (years)

 

0.5

 

0.5

 

0.5

Expected volatility

 

44.4% - 55.1%

 

51.7% - 58.5%

 

56.9% - 64.8%

Risk-free interest rate

 

5.20% - 5.47%

 

0.16% - 3.3%

 

0.1%

Expected dividend yield

 

0.0%

 

0.0%

 

0.0%

 

95


 

Share-Based Compensation

The share-based compensation expense by line item in the accompanying Consolidated Statements of Operations is summarized as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Cost of revenue: subscription–self-managed and SaaS

 

$

9,784

 

 

$

6,991

 

 

$

4,027

 

Research and development

 

 

32,689

 

 

 

24,664

 

 

 

14,572

 

Sales and marketing

 

 

30,338

 

 

 

22,753

 

 

 

15,256

 

General and administrative

 

 

22,360

 

 

 

14,253

 

 

 

23,094

 

Total share-based compensation expense

 

$

95,171

 

 

$

68,661

 

 

$

56,949

 

 

As of December 31, 2023, unrecognized share-based compensation cost related to unvested share-based compensation awards was $241.6 million, which is expected to be recognized over a weighted-average period of 2.8 years.

13. Accumulated Other Comprehensive Income (Loss)

The following table summarizes the changes in AOCI by component, net of tax, during the periods presented:

 

 

Net Unrealized
Losses on
Available-for-Sale
Marketable
Securities

 

 

Net Unrealized
Gains (Losses) on
Derivatives
Designated as
Hedging
Instruments

 

 

Total

 

 

 

(in thousands)

 

Balance as of December 31, 2021

 

$

(264

)

 

$

875

 

 

$

611

 

Other comprehensive loss before reclassifications

 

 

(1,428

)

 

 

(6,109

)

 

 

(7,537

)

Net realized losses (gains) reclassified from AOCI

 

 

(2

)

 

 

4,156

 

 

 

4,154

 

Other comprehensive loss

 

 

(1,430

)

 

 

(1,953

)

 

 

(3,383

)

Balance as of December 31, 2022

 

 

(1,694

)

 

 

(1,078

)

 

 

(2,772

)

Other comprehensive income (loss) before reclassifications

 

 

1,414

 

 

 

(2,617

)

 

 

(1,203

)

Net realized losses reclassified from AOCI

 

 

156

 

 

 

4,832

 

 

 

4,988

 

Other comprehensive income

 

 

1,570

 

 

 

2,215

 

 

 

3,785

 

Balance as of December 31, 2023

 

$

(124

)

 

$

1,137

 

 

$

1,013

 

 

14. Income Taxes

Ordinary taxable income in Israel is subject to a corporate tax rate of 23%.

The Company applies various benefits allotted to it under the revised Investment Law as per Amendment 73, which includes a number of changes to the Investment Law regimes through regulations that have come into effect from January 1, 2017. Applicable benefits under the new regime include:

Introduction of a benefit regime for “Preferred Technology Enterprises” (“PTE”), granting a 12% tax rate in central Israel on income deriving from Benefited Intangible Assets, subject to a number of conditions being fulfilled, including a minimal amount or ratio of annual R&D expenditure and R&D employees, as well as having at least 25% of annual income derived from exports to large markets.
A 12% capital gains tax rate on the sale of a preferred intangible asset to a foreign affiliated enterprise, provided that the asset was initially purchased from a foreign resident at an amount of NIS 200 million or more.
A withholding tax rate of 20% for dividends paid from PTE income (with an exemption from such withholding tax applying to dividends paid to an Israeli company) may be reduced to 4% on dividends paid to a foreign resident company, subject to certain conditions regarding percentage of foreign ownership of the distributing entity.

96


The Company adopted the PTE status since 2017 and believes it is eligible for its tax benefits.

The Company’s subsidiaries are separately taxed under the domestic tax laws of the jurisdiction of incorporation of each entity.

The components of the net loss before income taxes were as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Israel

 

$

(73,560

)

 

$

(99,434

)

 

$

(38,900

)

Foreign

 

 

19,044

 

 

 

14,688

 

 

 

(28,725

)

Total

 

$

(54,516

)

 

$

(84,746

)

 

$

(67,625

)

 

Income tax expense (benefit) was as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands)

 

Current:

 

 

 

 

 

 

 

 

 

Israel

 

$

 

 

$

 

 

$

(369

)

Foreign

 

 

5,753

 

 

 

3,967

 

 

 

549

 

Total current income tax expense

 

 

5,753

 

 

 

3,967

 

 

 

180

 

Deferred:

 

 

 

 

 

 

 

 

 

Israel

 

 

 

 

 

 

 

 

(371

)

Foreign

 

 

987

 

 

 

1,471

 

 

 

(3,231

)

Total deferred income tax expense (benefit)

 

 

987

 

 

 

1,471

 

 

 

(3,602

)

Income tax expense (benefit)

 

$

6,740

 

 

$

5,438

 

 

$

(3,422

)

 

A reconciliation of the Company’s statutory income tax rate to effective income tax rate is as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

Theoretical income tax benefit

 

 

23

%

 

 

23

%

 

 

23

%

PTE

 

 

(15

)

 

 

(13

)

 

 

(5

)

Foreign tax rate differentials

 

 

2

 

 

 

3

 

 

 

1

 

Share-based compensation

 

 

(2

)

 

 

(6

)

 

 

(4

)

Change in valuation allowance

 

 

(16

)

 

 

(13

)

 

 

(6

)

Unrecognized tax benefits

 

 

(1

)

 

 

 

 

 

(3

)

Acquisition costs

 

 

(1

)

 

 

(1

)

 

 

(1

)

Other

 

 

(2

)

 

 

1

 

 

 

 

Total

 

 

(12

)%

 

 

(6

)%

 

 

5

%

 

Deferred income taxes reflect the net tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax purposes.

97


The following table presents the significant components of the Company’s deferred tax assets and liabilities:

 

 

December 31,

 

 

 

2023

 

 

2022

 

 

 

(in thousands)

 

Deferred tax assets:

 

 

 

 

 

 

Net operating loss carryforwards

 

$

20,070

 

 

$

16,336

 

Research and development expenses

 

 

7,843

 

 

 

8,669

 

Accruals and reserves

 

 

971

 

 

 

1,580

 

Share-based compensation

 

 

13,024

 

 

 

7,436

 

Deferred revenue

 

 

2,403

 

 

 

2,217

 

Operating lease liabilities

 

 

1,602

 

 

 

2,406

 

Gross deferred tax assets

 

 

45,913

 

 

 

38,644

 

Valuation allowance

 

 

(31,585

)

 

 

(22,690

)

Total deferred tax assets

 

 

14,328

 

 

 

15,954

 

Deferred tax liabilities:

 

 

 

 

 

 

Intangible assets

 

 

(2,997

)

 

 

(4,297

)

Deferred contract acquisition costs

 

 

(5,089

)

 

 

(3,917

)

Operating lease ROU assets

 

 

(1,563

)

 

 

(2,236

)

Share-based compensation

 

 

(947

)

 

 

(632

)

Property and equipment

 

 

(155

)

 

 

(318

)

Gross deferred tax liabilities

 

 

(10,751

)

 

 

(11,400

)

Net deferred tax assets

 

$

3,577

 

 

$

4,554

 

 

A valuation allowance is provided when it is more likely than not that the deferred tax assets will not be realized. The Company has established a valuation allowance to offset certain deferred tax assets at December 31, 2023 and 2022 due to the uncertainty of realizing future tax benefits from its net operating loss carryforwards and other deferred tax assets. The net change in the total valuation allowance for the years ended December 31, 2023, 2022, and 2021 was an increase of $8.9 million, $10.1 million and $4.7 million, respectively.

As of December 31, 2023, the Company had $138.8 million in net operating loss carryforwards in Israel, which can be carried forward indefinitely.

As of December 31, 2023, the U.S. subsidiary had state net operating loss carryforwards of $51.5 million available to offset future taxable income, which will expire between 2034 and 2043, if not utilized. The U.S. subsidiary had an immaterial federal net operating loss carryforward as of December 31, 2023.

As of December 31, 2023, certain foreign subsidiaries of the Company had undistributed earnings of $6.7 million, which were designated as indefinitely reinvested. If these earnings were repatriated to Israel, it would be subject to income taxes and to an adjustment for foreign tax credits and foreign withholding taxes. The Company has estimated the amount of unrecognized deferred tax liability related to these earnings to be approximately $0.6 million.

98


A reconciliation of the beginning and ending balance of total unrecognized tax benefits is as follows:

 

 

Unrecognized Tax Benefits

 

 

 

(in thousands)

 

Balance - December 31, 2020

 

$

2,738

 

Increase related to prior years’ tax positions

 

 

86

 

Decrease related to prior years’ tax positions

 

 

(2

)

Increase related to current year’s tax positions

 

 

2,039

 

Decrease related to settlements with tax authorities

 

 

(446

)

Decrease due to lapse of statutes of limitations

 

 

(19

)

Balance - December 31, 2021

 

 

4,396

 

Increase related to prior years’ tax positions

 

 

289

 

Increase related to current year’s tax positions

 

 

176

 

Decrease due to lapse of statutes of limitations

 

 

(38

)

Balance - December 31, 2022

 

 

4,823

 

Increase related to prior years’ tax positions

 

 

149

 

Decrease related to prior years’ tax positions

 

 

(24

)

Increase related to current year’s tax positions

 

 

464

 

Decrease due to lapse of statutes of limitations

 

 

(13

)

Balance - December 31, 2023

 

$

5,399

 

 

As of December 31, 2023, the total amount of gross unrecognized tax benefits was $5.4 million, of which, $3.9 million, if recognized, would favorably affect the Company’s effective tax rate.

The Company recognizes interest and penalties related to uncertain tax positions in income tax expense. As of December 31, 2023 and 2022, accrued interest and penalties related to uncertain tax positions were immaterial.

The Company has net operating losses from prior tax periods which may be subjected to examination in future periods. As of December 31, 2023, the Company’s tax years after 2019 are open to examination in Israel. Its U.S. subsidiary’s tax filings for tax years after 2019 are open to examinations by U.S. federal tax authorities and tax years after 2018 are open to examinations by U.S. state tax authorities. In addition, the U.S. federal tax returns were settled through 2018 except for any adjustments which might be made as a result of the carryback of net operating losses. The Company currently does not expect uncertain tax positions to change significantly over the next 12 months, except in the case of settlements with tax authorities, the likelihood and timing of which is difficult to estimate.

15. Employee Benefit Plans

The Company has a defined-contribution plan in the U.S. intended to qualify under Section 401 of the Internal Revenue Code (the “401(k) Plan”). The 401(k) Plan covers substantially all employees who meet minimum age and service requirements and allows participants to defer a portion of their annual compensation on a pre-tax basis. The Company matches 50% of participating employee contributions to the plan up to 6% of the employee’s eligible compensation. During the years ended December 31, 2023, 2022, and 2021, the Company recorded $1.6 million, $1.4 million and $1.1 million, respectively, of expenses related to the 401(k) plan.

Israeli Severance Pay

Pursuant to Israel’s Severance Pay Law, Israeli employees are entitled to severance pay equal to one month’s salary for each year of employment, or a portion thereof. The Company has elected to include its employees in Israel under Section 14 of the Severance Pay Law, under which these employees are entitled only to monthly deposits made in their name with insurance companies, at a rate of 8.33% of their monthly salary. These payments release the Company from any future obligation under the Israeli Severance Pay Law to make severance payments in respect of those employees; therefore, any liability for severance pay due to these employees, and the deposits under Section 14 are not recorded as an asset in the Consolidated Balance Sheets. During the years ended December 31, 2023, 2022, and 2021, the Company recorded $6.2 million, $5.5 million, and $3.6 million, respectively, in severance expenses related to these employees.

99


16. Net Loss Per Share

The following table sets forth the computation of basic and diluted net loss per share for the periods presented:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

 

 

(in thousands, except share and per share data)

 

Numerator:

 

 

 

 

 

 

 

 

 

Net loss

 

$

(61,256

)

 

$

(90,184

)

 

$

(64,203

)

Denominator:

 

 

 

 

 

 

 

 

 

Weighted-average shares used in computing net loss per share, basic and diluted

 

 

103,317,759

 

 

 

99,243,894

 

 

 

94,783,082

 

Net loss per share, basic and diluted

 

$

(0.59

)

 

$

(0.91

)

 

$

(0.68

)

 

The potential shares of ordinary shares that were excluded from the computation of diluted net loss per share attributable to ordinary shareholders for the periods presented because including them would have been anti-dilutive are as follows:

 

 

Year Ended December 31,

 

 

 

2023

 

 

2022

 

 

2021

 

Outstanding share options

 

 

6,264,883

 

 

 

8,268,711

 

 

 

11,229,241

 

Unvested RSUs

 

 

9,298,748

 

 

 

6,223,077

 

 

 

2,331,607

 

Share purchase rights under the ESPP

 

 

155,276

 

 

 

101,787

 

 

 

79,450

 

Issuable ordinary shares related to business combination

 

 

27,505

 

 

 

104,715

 

 

 

140,385

 

Total

 

 

15,746,412

 

 

 

14,698,290

 

 

 

13,780,683

 

 

100


Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

None.

Item 9A. Controls and Procedures

Evaluation of Disclosure Controls and Procedures

Our disclosure controls and procedures are designed to ensure that information we are required to disclose in reports that we file or submit under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms, and that such information is accumulated and communicated to our management, including our Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosure.

Our management, with the participation and supervision of our Chief Executive Officer and our Chief Financial Officer, have evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) as of the end of the period covered by this Annual Report on Form 10-K. Based on such evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that as of such date, our disclosure controls and procedures were, in design and operation, effective at a reasonable assurance level.

Management's Report on Internal Control over Financial Reporting

Our management is responsible for establishing and maintaining adequate “internal control over financial reporting,” as defined in Rule 13a-15(f) and Rule 15d-15(f) under the Exchange Act. Our management conducted an evaluation of the effectiveness of our internal control over financial reporting as of December 31, 2023 based on the criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.

Based on the results of its evaluation, management concluded that our internal control over financial reporting was effective as of December 31, 2023 to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP. The effectiveness of our internal control over financial reporting as of December 31, 2023 has been audited by Kost Forer Gabbay & Kasierer, an independent registered public accounting firm and a member of Ernst & Young Global, as stated in its report which is included in Item 8 of this Annual Report on Form 10-K.

Changes in Internal Control over Financial Reporting

There were no changes in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the quarter ended December 31, 2023 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.

Inherent Limitations on the Effectiveness of Controls

The effectiveness of any system of internal control over financial reporting, including ours, is subject to inherent limitations, including the exercise of judgment in designing, implementing, operating, and evaluating the controls and procedures, and the inability to eliminate misconduct completely. Accordingly, in designing and evaluating the disclosure controls and procedures, management recognizes that any system of internal control over financial reporting, including ours, no matter how well designed and operated, can only provide reasonable, not absolute, assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs. Moreover, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Item 9B. Other Information

Securities Trading Plans of Directors and Executive Officers

During the three months ended December 31, 2023, the following director, as defined in Rule 16a-1(f) of the Exchange Act, adopted a “Rule 10b5-1 trading arrangement” as defined in Item 408 of Regulation S-K, as follows:

101


On November 7, 2023, Ms. Elisa Steele, a member of our board of directors, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of an aggregate of up to 1,957 ordinary shares. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until November 7, 2024, or earlier if all transactions under the trading arrangement are completed.

No other officers or directors, as defined in Rule 16a-1(f), adopted or terminated a “Rule 10b5-1 trading arrangement” or a “non-Rule 10b5-1 trading arrangement,” as defined in Item 408 of Regulation S-K, during the three months ended December 31, 2023.

Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

Not applicable.

PART III

Item 10. Directors, Executive Officers and Corporate Governance

The information required by this item will be set forth in our definitive proxy statement to be filed with the Securities and Exchange Commission not later than 120 days after the end of our fiscal year ended December 31, 2023 in connection with our 2024 annual general meeting of shareholders (the “Proxy Statement”), and is incorporated herein by reference.

Code of Conduct

Our Board of Directors has adopted a Code of Business Conduct and Ethics that applies to all officers, directors, and employees, which is available on our website at https://investors.jfrog.com/ under “Governance.” We intend to satisfy the disclosure requirement under Item 5.05 of Form 8-K regarding amendments to, or waiver from, a provision of our Code of Business Conduct and Ethics by posting such information on the website address and location specified above.

Item 11. Executive Compensation

The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.

Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Shareholder Matters

The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.

Item 13. Certain Relationships and Related Transactions, and Director Independence

The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.

Item 14. Principal Accounting Fees and Services

The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.

102


PART IV

Item 15. Exhibits and Financial Statement Schedules

(a) The following documents are filed as part of this report:

1.
Financial Statements

See Index to Consolidated Financial Statements in Item 8 herein.

2.
Financial Statement Schedules

Schedules not listed above have been omitted because they are not required, not applicable, or the required information is otherwise included.

3.
Exhibits

The exhibits listed below are filed as part of this Annual Report on Form 10-K or are incorporated herein by reference, in each case as indicated below.

EXHIBIT INDEX

Exhibit Number

 

Description

 

Form

 

File No.

 

Exhibit

 

Filing Date

3.1

 

Amended and Restated Articles of Association of JFrog Ltd.

 

S-1/A

 

333-248271

 

3.2

 

September 8, 2020

4.1

 

Specimen share certificate of the Registrant.

 

S-1/A

 

333-248271

 

4.1

 

September 8, 2020

4.2

 

Description of Share Capital.

 

10-K

 

001-39492

 

4.2

 

February 12, 2021

10.1+

 

Form of Indemnification Agreement.

 

S-1

 

333-248271

 

10.1

 

August 24, 2020

10.2+

 

2020 Share Incentive Plan and related form agreements

 

S-1/A

 

333-248271

 

10.3

 

September 8, 2020

10.2A+

 

Forms of Restricted Share Unit Grant and Award Agreement under the Registrant’s 2020 Share Incentive Plan.

 

10-K

 

001-39492

 

10.2A+

 

February 9, 2023

10.3+

 

2020 Employee Share Purchase Plan.

 

S-1/A

 

333-248271

 

10.4

 

September 8, 2020

10.4+

 

Compensation Policy for Executive Officers and Directors.

 

S-1

 

333-248271

 

10.5

 

August 24, 2020

10.5+

 

Non-Employee Director Compensation Policy.

 

S-1/A

 

333-248271

 

10.6

 

September 8, 2020

10.6+

 

Form of Change in Control and Severance Agreement between the Registrant and Shlomi Ben Haim.

 

S-1/A

 

333-248271

 

10.7

 

September 8, 2020

10.7+

 

Form of Confirmatory Employment Letter between the Registrant and Jacob Shulman.

 

S-1

 

333-248271

 

10.7

 

August 24, 2020

10.8+

 

Form of Employment Agreement between the Registrant and Yoav Landman.

 

S-1/A

 

333-248271

 

10.9

 

September 8, 2020

10.9+

 

Form of Confirmatory Employment Letter between the Registrant and Tali Notman.

 

S-1

 

333-248271

 

10.9

 

August 24, 2020

10.10+

 

Form of Confirmatory Employment Letter between the Registrant and Shlomi Ben Haim.

 

S-1

 

333-248271

 

10.10

 

August 24, 2020

10.11+

 

Form of Director Offer Letter

 

S-1

 

333-248271

 

10.11

 

August 24, 2020

10.12+

 

Form of Restricted Share Unit Award Agreement between the Registrant and Shlomi Ben Haim.

 

S-1

 

333-248271

 

10.12

 

August 24, 2020

10.13+

 

Form of Executive Officer Change in Control and Severance Agreement (US).

 

S-1/A

 

333-248271

 

10.14

 

September 8, 2020

10.14+

 

Form of Employment Agreement between the Registrant and Frederic Simon.

 

S-1/A

 

333-248271

 

10.15

 

September 8, 2020

103


Exhibit Number

 

Description

 

Form

 

File No.

 

Exhibit

 

Filing Date

10.15

 

Sublease between the Registrant and Baidu USA LLC, dated as of August 12, 2020.

 

S-1

 

333-248271

 

10.17

 

August 24, 2020

10.16#

 

Share Purchase Agreement by and between the Registrant and Vdoo Connected Trust Ltd., dated June 29, 2021.

 

10-Q

 

001-39492

 

10.1

 

August 6, 2021

10.17+

 

Form of Confirmatory Employment Letter between the Registrant and Ed Grabscheid

 

 

 

 

 

 

 

 

10.18+

 

Equity Side Letter between the Registrant and Ed Grabscheid

 

 

 

 

 

 

 

 

10.19+

 

Consulting Services Agreement between the Registrant and Jacob Shulman, dated December 16, 2023

 

 

 

 

 

 

 

 

21.1

 

Subsidiaries of Registrant.

 

 

 

 

 

 

 

23.1

 

Consent of Independent Registered Public Accounting Firm.

 

 

 

 

 

 

 

24.1

 

Power of Attorney (included in the signature page hereto)

 

 

 

 

 

 

 

 

31.1

 

Certification of Principal Executive Officer Pursuant to Rules 13a-14(a) and 15d-14(a) under the Securities Exchange Act of 1934, as Adopted Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

 

 

 

31.2

 

Certification of Principal Financial Officer Pursuant to Rules 13a-14(a) and 15d-14(a) under the Securities Exchange Act of 1934, as Adopted Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

 

 

 

32.1*

 

Certification of Chief Executive Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to section 906 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

 

 

 

32.2*

 

Certification of Chief Financial Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to section 906 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

 

 

 

97.1

 

Compensation Recovery Policy.

 

 

 

 

 

 

 

 

101.INS

 

Inline XBRL Instance Document - the instance document does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document.

 

 

 

 

 

 

 

 

101.SCH

 

Inline XBRL Taxonomy Extension Schema Document with Embedded Linkbase Documents.

 

 

 

 

 

 

 

 

104

 

Cover Page Interactive Data File (formatted as Inline XBRL and contained in Exhibit 101).

 

 

 

 

 

 

 

 

___________________

+ Indicates management contract or compensatory plan.

# Portions of this exhibit have been omitted in accordance with Item 601 of Regulation S-K.

* The certifications attached as Exhibits 32.1 and 32.2 that accompany this Annual Report on Form 10-K are not deemed filed with the Securities and Exchange Commission and are not to be incorporated by reference into any filing of the Registrant under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended, irrespective of any general incorporation language contained in such filing.

Item 16. Form 10-K Summary

None.

104


SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.

Date: February 15, 2024

 

By:

/s/Shlomi Ben Haim

 

 

Name: Shlomi Ben Haim

 

 

Title: Chief Executive Officer

 

 

(Principal Executive Officer)

POWER OF ATTORNEY

Know all persons by these presents, that each person whose signature appears below constitutes and appoints Shlomi Ben Haim and Eduard Grabscheid, and each of them, as his or her true and lawful attorney in fact and agents, with full power of substitution and resubstituting, for him or her and in his or her name, place and stead, in any and all capacities, to sign any and all amendments to this Annual Report on Form 10-K, and to file the same, with all exhibits thereto, and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-fact and agents, and each of them, full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully to all intents and purposes as he or she might or could do in person, hereby ratifying and confirming that all said attorneys-in-fact and agents, or any of them or their or his or her substitute or substitutes, may lawfully do or cause to be done by virtue hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this Annual Report on Form 10-K has been signed by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.

Signature

 

Title

 

Date

 

 

 

 

 

/s/ Shlomi Ben Haim

Shlomi Ben Haim

 

Chief Executive Officer and Director (Principal Executive Officer)

 

February 15, 2024

 

 

 

 

 

/s/ Eduard Grabscheid

Eduard Grabscheid

 

Chief Financial Officer (Principal Financial and Principal Accounting Officer)

 

February 15, 2024

 

 

 

 

 

/s/ Yoav Landman

Yoav Landman

 

Director

 

February 15, 2024

 

 

 

 

 

/s/ Yossi Sela

Yossi Sela

 

Director

 

February 15, 2024

 

 

 

 

 

/s/ Jessica Neal

Jessica Neal

 

Director

 

February 15, 2024

 

 

 

 

 

/s/ Frederic Simon

Frederic Simon

 

Director

 

February 15, 2024

 

 

 

 

 

/s/ Elisa Steel

Elisa Steele

 

Director

 

February 15, 2024

 

 

 

 

 

/s/ Andy Vitus

Andy Vitus

 

Director

 

February 15, 2024

 

 

 

 

 

/s/ Yvonne Wassenaar

 

Director

 

February 15, 2024

Yvonne Wassenaar

 

 

 

 

 

 

 

/s/ Barry Zwarenstein

Barry Zwarenstein

 

Director

 

February 15, 2024

 

105


AUTHORIZED REPRESENTATIVE IN THE UNITED STATES

Pursuant to the requirements of the Securities Exchange Act of 1934, this registration statement has been signed by the undersigned as the duly authorized representative in the United States of the Registrant in Sunnyvale, California, on February 15, 2024.

 

 

 

JFrog, Inc.

 

 

By:

/s/ Shlomi Ben Haim

 

 Shlomi Ben Haim

 

 Chief Executive Officer and Secretary

 

106