What changed in JFrog Ltd's 2025 10-K compared to 2024?

Across the narrative sections we track, JFrog Ltd (FROG) added 448 paragraphs, removed 440, and edited 360 between the 2024 and 2025 10-K filings. The biggest movers are Item 1A. Risk Factors (+247/−229), Item 1. Business (+130/−132), Item 7. Management's Discussion & Analysis (+57/−61).

Did JFrog Ltd add new Risk Factors in the 2025 10-K?

Yes — Item 1A Risk Factors shows 247 new/edited paragraphs and 229 removed paragraphs versus the 2024 10-K.

What changed in JFrog Ltd's MD&A (Item 7) in 2025?

Item 7 Management's Discussion & Analysis shows 57 new/edited paragraphs and 61 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did JFrog Ltd's Legal Proceedings (Item 3) change in 2025?

Item 3 shows 1 added/edited paragraphs and 1 removed paragraphs — usually indicating new litigation disclosed or settled cases removed.

Where does this FROG 10-K diff come from?

The source filings are JFrog Ltd's official 2024 and 2025 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in JFrog Ltd's 10-K — 2024 vs 2025

Paragraph-level year-over-year comparison of JFrog Ltd's 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.

+448 added−440 removedSource: 10-K (2026-02-13) vs 10-K (2025-02-14)

Top changes in JFrog Ltd's 2025 10-K

448 paragraphs added · 440 removed · 360 edited across 7 sections

Item 1A. Risk Factors+247 / −229 · 200 edited
Item 1. Business+130 / −132 · 98 edited
Item 7. Management's Discussion & Analysis+57 / −61 · 48 edited
Item 7A. Quantitative and Qualitative Disclosures About Market Risk+9 / −11 · 9 edited
Item 5. Market for Registrant's Common Equity+3 / −4 · 3 edited

Item 1. Business

Business — how the company describes what it does

98 edited+32 added−34 removed38 unchanged

2024 filing

2025 filing

Biggest changeJFrog Enterprise Plus customers are also able to purchase the full suite of JFrog security and/or IoT products and are granted access to JFrog and GitHub integrations, including GitHub Copilot and GitHub Advanced Security integrations designed for a single platform experience for developers. • JFrog ML, with features to help data science and machine learning engineering teams build, test and deploy machine learning models into the software development pipeline, is available to Enterprise X and Enterprise Plus customers. • Additional, optional subscriptions. o JFrog Advanced Security, with functionality for SAST, IaC scanning, container scanning, contextual analysis and more, is available as an optional, add-on subscription for Enterprise X and Enterprise Plus subscribers, as well as through private offers in the cloud marketplaces. o JFrog Runtime Security, with functionality that provides in-depth security monitoring and analysis of production environments, is available as an optional, add-on subscription for customers already utilizing JFrog Advanced Security and Curation. o JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories. o JFrog Connect functionality for IoT devices is available for separate purchase as a means to control updates and deployments to device fleets.

Biggest changeOptional functionality may include advanced management for AI/ML development lifecycles and AI Catalog functionality, as well as advanced DevGovOps functionality for customers seeking to enhance their application risk governance posture • JFrog ML, with features to help data science and ML engineering teams build, test and deploy ML models into the software development pipeline, is available to Enterprise X and Enterprise Plus customers. • Additional, optional subscription components. o JFrog Advanced Security, with functionality for SAST, IaC scanning, container scanning, contextual analysis, agentic remediation, transitive dependency scanning, AI code validation and more, is available through optional, add-on subscription for Enterprise X and Enterprise Plus subscribers, as well as through private offers in the cloud marketplaces. o JFrog Runtime Security, with functionality that provides in-depth security monitoring and analysis of production environments, is available as an optional, add-on subscription for customers already utilizing JFrog Advanced Security. o JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories.

Our Platform The JFrog Platform connects all of the software release processes involved in building and releasing software, enabling trust by offering a single source of truth for all software release inputs and outputs.

Our Platform The JFrog Platform connects all of the processes involved in building and releasing software, enabling trust by offering a single source of truth for all software release inputs and outputs.

Our free trial subscription options and open source version of JFrog Artifactory increase software developer, security and IT operator familiarity with our products, and allow for low-friction product adoption. MLOps functionality may expose JFrog solutions to new audiences such as AI/machine learning Engineers and Data Scientists.

Our free trial subscription options and open source version of JFrog Artifactory increase software developer, security and IT operator familiarity with our products, and allow for low-friction product adoption. AI-powered and MLOps functionality may expose JFrog solutions to new audiences such as AI/machine learning Engineers and Data Scientists.

Additionally, we engage with prospective end-users through user-centered events, including JFrog swampUP, our annual, global DevOps, DevSecOps, and MLOps user conference, hands-on training events, persona-driven events, and co-marketing activities with technology partners and large cloud platforms.

Additionally, we engage with prospective end-users through user-centered events, including JFrog swampUP, our annual, global DevOps, DevSecOps, DevGovOps and MLOps user conference, hands-on training events, persona-driven events, and co-marketing activities with technology partners and large cloud platforms.

We have an unwavering commitment to the software developer, MLOps teams, security teams, and IT operator communities, and demonstrate this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

We have an unwavering commitment to the software developer, AI/MLOps teams, security teams, and IT operator communities, and demonstrate this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

JFrog Enterprise X customers are also able to purchase the full suite of JFrog security and/or IoT products and are granted access to JFrog and GitHub integrations including GitHub Copilot and GitHub Advanced Security integrations designed for a single platform experience for developers. • JFrog Enterprise+ (Enterprise Plus).

JFrog Enterprise Plus customers are also able to purchase the full suite of JFrog security and/or IoT products and are granted access to JFrog and GitHub integrations, including GitHub Copilot and GitHub Advanced Security integrations designed for a single platform experience for developers.

Our customer success teams are focused on enabling organizations to realize the full benefits of our platform by helping them advance DevOps, DevSecOps, and MLOps practices and promoting the adoption of additional products and more advanced functionality of our platform.

Our customer success teams are focused on enabling organizations to realize the full benefits of our platform by helping them advance DevOps, DevSecOps, DevGovOps, and MLOps practices and promoting the adoption of additional products and more advanced functionality of our platform.

In addition to annual performance reviews and merit-based compensation, we also encourage employees and their managers to maintain an open dialogue on progress throughout the year. Moreover, we focus on providing each employee an individualized career path and professional development opportunities. Everyone Counts, Everyone Matters We recognize and view equality as key to our success.

In addition to annual performance reviews and merit-based compensation, we also encourage employees and their managers to maintain an open dialogue on progress throughout the year. Moreover, we focus on providing each employee a career path and professional development opportunities. Everyone Counts, Everyone Matters We recognize and view equality as key to our success.

Additionally, we believe acquiring new technologies to complement our organic innovation efforts will help us rapidly adapt to address the evolving needs of the market and drive increased value for our customers. • Expand within our existing customer base.

Additionally, we believe acquiring new technologies to complement our organic innovation efforts may help us rapidly adapt to address the evolving needs of the market and drive increased value for our customers. • Expand within our existing customer base.

Our strategic sales team focuses on accounts with high expansion potential to deliver more customized experiences and dedicated approaches. This is often a top-down approach or executive-level relationship that ensures JFrog is consistently meeting the needs of top-tier customers with high scalability requirements. o Expanding partnerships and go-to-market motions.

Code is built (i.e., transformed) into binary files (or “software packages”) that allow it to run alongside other components as a complete application for consumers as it runs on a server or device.

Code is built (i.e., transformed) into binary files (or “software packages” and “artifacts”) that allow it to run alongside other components as a complete application for consumers as it runs on a server or device.

Our platform is designed to quickly and seamlessly add support for new package technologies as they arise, ensuring a comprehensive view of an organization’s software supply chain. 11 Table of Contents • Curated public repositories. JFrog Artifactory automatically queries third-party repositories and allows organizations to exert choice and governance in the software packages they cache.

Our platform is designed to quickly and seamlessly add support for new package technologies as they arise, ensuring a comprehensive view of an organization’s software supply chain. • Curated public repositories. JFrog Artifactory automatically queries third-party repositories and allows organizations to exert choice and governance in the software packages they cache.

Our registered office is located at 3 HaMahshev Street, Netanya, 4250465, Israel. Our telephone number at this address is + 972 (9)-894-1444. Our agent for service of process in the United States is JFrog, Inc.

Our registered office is located at 3 HaMachshev Street, Netanya, 4250465, Israel. Our telephone number at this address is + 972 (9)-894-1444. Our agent for service of process in the United States is JFrog, Inc.

We are agnostic to the types of technologies a software developer or IT operator may choose to use, which we believe provides us with a competitive advantage. Our platform is designed to quickly and seamlessly add support for new package technologies as they arise. o Align pricing with value provided.

We expect to continue to invest in building new capabilities and extending our platform to bring the power of software supply chain management to a broader range of use cases, including maturation of security solutions for DevSecOps, expansion of AI-enabling technologies including MLOps, and continuing to enable DevOps solutions for devices on the edge.

We have designed our platform to work with the major package technologies and be deployed in any environment, allowing our technology partners to better serve their customers. We also intend to cultivate and leverage channel and alliance partners, including cloud providers, to grow our market presence and drive greater sales efficiency.

We have designed our platform to work with the major package technologies and source code tooling providers, and to be deployed in any environment, allowing our technology partners to better serve their customers. We also intend to cultivate and leverage channel and alliance partners, including cloud providers, to grow our market presence and drive greater sales efficiency.

Our policy is to require employees and independent contractors to sign agreements assigning to us any inventions, trade secrets, works of authorship, developments, and other processes generated by them on our behalf and agreeing to protect our confidential information. In addition, we generally enter into confidentiality agreements with our customers and partners.

Our policy requires employees and independent contractors to sign agreements assigning to us any inventions, trade secrets, works of authorship, developments, and other processes generated by them on our behalf and agreeing to protect our confidential information. In addition, we generally enter into confidentiality agreements with our customers and partners.

Information contained on, or that can be accessed through, the websites provided does not constitute part of this Annual Report on Form 10-K or in any other report or document we file with the SEC, and inclusions of website addresses in this Annual Report on Form 10-K are inactive textual references only.

By securely storing, monitoring, and distributing software packages created inside and outside an organization, we provide a single, trusted local repository that any user within an organization can rely on, serving as the system of record for all of the software in an organization.

By securely storing, monitoring, and distributing software packages created inside and outside an organization or by AI technologies, we provide a single, trusted local repository that any user within an organization can rely on, serving as the system of record for all of the software in an organization.

For example, our workforce is diverse both in ethnicity and gender, including and up to the highest level of management, where three of our 10-member board and three of our 10-member executive management team are women. Compensation and Benefits Our compensation policy is designed to attract, retain and reward personnel.

For example, our workforce is diverse both in ethnicity and gender, including and up to the highest level of management, where three of our 10-member board of directors and four of our 11-member executive management team are women. Compensation and Benefits Our compensation policy is designed to attract, retain, and reward personnel.

At the end of this trial period, prospective customers must pay for a subscription in order to continue utilizing JFrog services. Community, free services include a limited version of Artifactory as well as a community version for C/C++ developers (Conan). 10 Table of Contents • Platform Tours.

We have demonstrated a differentiated ability to retain customers, expand existing customer usage, and cross-sell a broader set of products and features within an organization. Our net dollar retention rate of 116% as of December 31, 2024, highlights the increasing value of our products to our customer base.

We have demonstrated a differentiated ability to retain customers, expand existing customer usage, and cross-sell a broader set of products and features within an organization. Our net dollar retention rate of 119% as of December 31, 2025, highlights the increasing value of our products to our customer base.

For data science and MLOps teams, JFrog Artifactory also manages machine learning models - the fuel of expanding AI technologies - and their dependencies as part of a new generation of companies’ AI-driven applications. We believe JFrog uniquely unites MLOps practitioners with DevSecOps best practices to create a universal software supply chain across an organization. • JFrog Curation.

For data science and MLOps teams, JFrog Artifactory also manages AI/ML models - the fuel of expanding AI technologies - and their dependencies as part of a new generation of companies’ AI-driven applications. We believe JFrog uniquely unites AI-powered development with DevSecOps best practices to create a universal software supply chain across an organization. • JFrog Curation.

Our platform accelerates the software release cycle by enabling the automation of workflows across teams and providing tight coordination between development, security, data science, machine learning and operations groups, removing silos within organizations’ software release processes.

Our platform accelerates the software release cycle by enabling the automation of workflows across teams and providing tight coordination between development, security, data science, AI/ML and operations groups, removing silos within organizations’ software release processes.

Our platform is designed to be agnostic to the programming languages, source code repositories, and development technologies that our customers use, and the type of production environments to which they deploy.

Our platform is designed to be agnostic to the programming languages, source code repositories, public hubs, and development technologies that our customers use, as well as the type of production environments to which they deploy.

The center of our platform, JFrog Artifactory, stores software packages and manages the metadata from major package technologies, including Docker, OCI, Debian, RPM, Go, Helm, Kubernetes, NPM, NuGet, Python, Java, Rust, and machine learning models and datasets.

To meet this need, updating a feature of a software application, rather than releasing a new version of the entire application, ensures that current software is brought to market faster, allowing organizations to be more responsive to their customers’ needs, security concerns and corporate welfare.

To meet this need, updating a feature of a software application or AI model, rather than releasing a new version of the entire application, ensures that current solutions are brought to market faster, allowing organizations to be more responsive to their customers’ needs, security concerns and corporate welfare.

Our platform embeds security into the DevOps and MLOps workflow, creating a seamless DevSecOps and MLSecOps flow that allows organizations to have speed and control in the software release cycle. All software packages on our platform are fully traceable, ensuring the accuracy and reliability of software applications.

Our platform embeds security into the DevOps and AI/MLOps work streams, creating a seamless DevSecOps and MLSecOps flow that allows organizations to have speed and control in the software release cycle. All software artifacts on our platform are fully traceable, ensuring the accuracy and reliability of software applications.

We had 52 customers with ARR of at least $1.0 million as of December 31, 2024, increasing from 37 customers as of December 31, 2023. For the year ended December 31, 2024, our 10 largest customers represented approximately 8% of our total revenue. Additionally, approximately 40% of our revenue was generated from customers outside of the United States.

We had 74 customers with ARR of at least $1.0 million as of December 31, 2025, increasing from 52 customers as of December 31, 2024. For the year ended December 31, 2025, our 10 largest customers represented approximately 9% of our total revenue. Additionally, approximately 40% of our revenue was generated from customers outside of the United States.

“JFrog,” our logo, and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report on Form 10-K are the property of JFrog Ltd. Other trademarks and trade names referred to in this Annual Report on Form 10-K are the property of their respective owners.

“JFrog,” our logo, and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report on Form 10-K are the property of JFrog Ltd.

Our product innovation, thought leadership in software supply chain management, and knowledge sharing with software developer, security teams, machine learning, and IT operator communities engender trust that fuels increased usage of our products.

Our product innovation, thought leadership in software supply chain management and security, and knowledge sharing with software developer, security teams, AI/ML engineers, and IT operator communities engender trust that fuels increased usage of our products.

We enable organizations to analyze software packages for vulnerabilities, rapid remediation, license compliance, and quality issues in near real-time. Our fully integrated security solutions enable continuous automation of security policies from before a package enters the organization through to deployment to the runtime.

We enable organizations to analyze software packages and AI technologies such as ML models for vulnerabilities, rapid, agentic remediation, license compliance, and quality issues in near real-time. Our fully integrated security solutions enable continuous automation of security policies from before a package enters the organization through to deployment to the runtime.

Tracking and managing software at the package level enables organizations to make incremental updates to software and deliver trusted software bill of materials alongside their software releases. Universal package management allows software releases to be continuous, and capable of handling the volume, variety, security, and velocity of trusted software required today.

Tracking and managing software at the package level enables organizations to make incremental updates to packages and models, delivering trusted software and bills of materials alongside their software releases. Universal package management allows software releases to be continuous, and capable of handling the volume, variety, security, and velocity of trusted software required today.

Increasingly, the need to manage software components is being heavily influenced by the emerging needs to manage machine learning models (and large language models) and their dependencies. The increasingly large volumes and complexity of packages within an organization’s software supply chain requires a new, systematic, and automated approach to trusted management of packages.

Increasingly, the need to manage software components is being heavily influenced by the emerging needs to manage ML models (and large language models), AI technologies, and their dependencies. The increasingly large volumes and complexity of packages within an organization’s software supply chain requires a new, systematic, AI agent-ready, and automated approach to trusted management of packages.

The JFrog Platform allows customers to compile software from source code repositories, curate the importation of external software packages, manage the dependencies among components within software packages, keep these packages under a single universal repository, manage and automate the usage of open source libraries and packages, scan for vulnerabilities through various stages and contexts, distribute to endpoints, and deploy securely to production, all through a single user access point.

The JFrog Platform allows customers to compile software from source code repositories, curate the importation of external software packages and AI models, manage the dependencies among components within software packages, keep these packages under a single universal repository, manage and automate the usage of open source models, libraries and packages, scan for vulnerabilities through various stages and contexts, distribute to endpoints, and deploy securely to production, all through a single user access point or via model context protocol (“MCP”) functionality for AI agents.

This allows organizations to effectively and efficiently manage the full software supply chain through a single user access point. • A single source of truth for the digital organization. We designed JFrog Artifactory to be the only software package repository that an organization needs.

This allows organizations to effectively and efficiently manage the full software supply chain through access points best for the digital and human user in the era of AI. • A single source of truth for the digital organization. We designed JFrog Artifactory to be the only software package repository that an organization needs.

Code Versus Software Packages Modern society heavily relies on software, and most individuals understand that software comes from code generated by software developers. But software, in code form, doesn’t equate to an application.

Code Versus Software Packages & Artifacts Modern society heavily relies on software, and most individuals understand that software comes from code generated by software developers and, increasingly, AI agents and coding assistants. But software, in code form, doesn’t equate to an application.

We strive to foster a culture where all of our employees feel they are respected and treated equally, regardless of gender, race, ethnicity, color, age, disability, sexual orientation, gender identity, marital status, veteran status, pregnancy, HIV/AIDS status, cultural background, religious belief, genetic information status, or domestic violence status.

We strive to foster a culture where all of our employees feel they are respected and treated equally, regardless of gender, race, ethnicity, ancestry, color, age (40 and above), disability, sexual orientation, gender identity, gender expression, marital status, national origin, veteran status, pregnancy, reproductive health decision making, HIV/AIDS status, cultural background, religious belief, genetic information status, or domestic violence status.

It offers in-depth binary scanning to examine data that is not accessible via package managers, software bill of materials or typical metadata.

JFrog Advanced Security offers in-depth binary and contextual scanning to examine data that is not accessible via package managers, software bill of materials or typical metadata.

JFrog Distribution provides reliable, scalable, and secure software package distribution with enterprise-grade performance. It uses proprietary technology to reliably distribute packages to multiple locations and update them as new release versions are produced. JFrog Distribution offers native support for the major package technologies, allowing smooth integrations. • JFrog Connect.

It uses proprietary technology to reliably distribute packages to multiple locations and update them as new release versions are produced. JFrog Distribution offers native support for the major package technologies, allowing for smooth integrations. • JFrog Connect.

JFrog’s unified platform (“JFrog Platform”) is designed to universally manage and deploy all types of software packages within an organization, making it the system of record for an organization’s software, whether bespoke or consumed from a third party.

JFrog’s unified platform is designed to universally secure, manage and deploy all types of software artifacts within an organization, making it the system of record for an organization’s software, whether bespoke by hybrid development teams or consumed from a third party.

Competition We compete in the DevOps, DecSecOps, and MLOps markets on the basis of a number of factors, including: • ability to provide an end-to-end, unified platform for secure software supply chain workflows; • ability to provide security solutions across software developers and enterprise workflows; • ability to provide machine learning operation solutions across enterprise workflows; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, machine learning engineers, data scientists, and IT managers; • ability to enable collaboration between software developers, security teams, and IT operators; 13 Table of Contents • ability to deploy our products in any combination of cloud, multi-cloud or on-premises environments; • performance, security, scalability, and reliability in tandem; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation.

We intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog within our largest customers. 13 Table of Contents Competition We compete in the DevOps, DecSecOps, AI/MLOps and emerging DevGovOps markets on the basis of a number of factors, including: • ability to provide an end-to-end, unified platform for secure software supply chain workflows; • ability to provide security solutions across software developers and enterprise workflows; • ability to provide machine learning operation solutions across enterprise workflows; • ability to provide compliance and governance automation embedded within enterprise workflows; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, AI/ML engineers, data scientists, and IT managers; • ability to enable collaboration between software developers, security teams, and IT operators; • ability to deploy our products in any combination of cloud, multi-cloud or on-premises environments; • performance, security, scalability, and reliability in tandem; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation.

We provide a central, unified platform for our customers’ software release needs with our universal package management solution, JFrog Artifactory, at its core and a portfolio of adjacent solutions including build integration, workflow automation, software supply chain security, and deployment. We designed our products to integrate with each other natively, with a unified user interface.

Benefits to Our Customers • End-to-end, unified platform. We provide a central, unified platform for our customers’ software release needs with our universal package management solution, JFrog Artifactory, at its core and a portfolio of adjacent solutions including build integration, workflow automation, software supply chain security, and deployment.

Although we rely on intellectual property rights, including trade secrets, patents, copyrights, and trademarks, as well as contractual protections to establish and protect our proprietary rights, we believe that factors such as the technological and creative skills of our personnel, creation of new modules, features and functionality, and frequent enhancements to our platform are more essential to establishing and maintaining our technology leadership position.

Although we utilize intellectual property rights, as well as contractual protections to establish and protect our proprietary rights, we believe that the technological and creative skills of our personnel, creation of new modules, features, functionality, products, and frequent enhancements to our platform are more essential to establishing and maintaining our technology leadership position.

Our current paid subscription tiers include JFrog Pro, JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus. • JFrog Pro. JFrog Pro is cloud-only subscription that provides access only to the universal version of JFrog Artifactory and ongoing updates, upgrades, and bug fixes. • JFrog Pro X.

Natively integrated with JFrog’s Artifactory binary repository and JFrog Xray’s software composition analysis solutions, JFrog Advanced Security capabilities, including source code scanning (“SAST”), secrets detection, contextual analysis, Infrastructure as Code (“IaC”) scanning, container scanning, malicious machine learning model detection and more, offer holistic coverage for software supply chain security at scale. • JFrog Runtime Security.

Natively integrated with JFrog’s Artifactory binary repository and JFrog Xray’s software composition analysis solutions, JFrog Advanced Security 7 Table of Contents capabilities, including source code scanning (“SAST”), secrets detection, contextual analysis, Infrastructure as Code (“IaC”) scanning, container scanning, malicious machine learning model detection IDE extension security, transitive contextual analysis, AI agentic remediation capabilities, MCP scanning, and more, offering holistic coverage for software supply chain security at scale.

The following filings are available through our investor relations website after we file them with the SEC: Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, current reports on Form 8-K, and our Proxy Statement for our annual meeting of shareholders. These filings are also available for download free of charge on our investor relations website.

Accordingly, investors should monitor such portions of our website. In addition, the following filings are available through our investor relations website after we file them with the SEC: Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, current reports on Form 8-K, and our Proxy Statement for our annual meeting of shareholders.

Our unique model offers the same product in the cloud and on-premise, so users can work in any environment with an identical user experience. • Scalable across the organization. Proprietary technology allows our platform to seamlessly scale across even the largest of customers and deployments.

Our unique model offers the same product in the cloud and on-premises, so users can work and deploy in any environment based on workload or business needs. • Scalable across the organization. Proprietary technology allows our platform to seamlessly scale across even the largest of customers and deployments.

The vast majority of applications today are built using only a small percentage of original source code written by developers, with an estimated >80% of an application’s binaries coming from open source, existing software.

The vast majority of technologies today are built using only a small percentage of original source code written by developers or generative AI, with an estimated >80% of an application’s binaries (including containers, traditional software packages and AI/ML models) coming from open source, existing software.

They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing our offerings. Furthermore, we expect that our industry will continue to attract new investments, including smaller emerging companies, which could introduce new offerings. We may also expand into new technology or geographical markets and encounter additional competitors in such markets.

They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing 14 Table of Contents our offerings. Furthermore, we expect that our industry will continue to attract new investments, including smaller emerging companies, which could introduce new offerings.

This rapidly-evolving demand requires a new generation of tooling that encompasses the complete software supply chain; a platform that serves many functions in an organization.

A rapidly evolving marketplace demands a new generation of tooling that encompasses the complete software supply chain; a platform that serves many functions in an organization affected by rapid technology adoption.

We seamlessly integrate with source code repositories to push software updates and to manage software package flows between all software release gates seamlessly and continuously, offering a uniquely efficient way to orchestrate software release from build to deploy. • Hybrid and multi-cloud deployment. We empower organizations to release software that is execution-ready across any number of different production environments.

We seamlessly integrate with source code repositories to push software updates and to manage software package flows between all software release gates seamlessly and continuously, offering a uniquely efficient way to orchestrate software release from build to deploy. 8 Table of Contents • Fit-to-purpose hybrid and multi-cloud deployment.

Business Model We combine bottom-up and top-down approaches in our business model. The bottom-up approach is community focused, driving increased usage of our products, in which we focus on demonstrating the value that our products can provide to software developers, security teams, data scientists, and IT operators.

The bottom-up approach is community focused, driving increased usage of our products, in which we focus on demonstrating the value that our products can provide to software developers, security teams, data scientists, and IT operators. Increasingly, we have adopted a top-down motion for full platform adoption that focuses on enterprise values for both new and expansion business.

Additionally, we have steadily grown our international presence since inception and intend to continue to expand regionally as DevOps and DevSecOps practices are increasingly adopted around the world. • Expand and develop our technology partnership ecosystem.

DevGovOps functionality may allow us to penetrate high-budget departments within legal, compliance and governance organizations. Additionally, we have steadily grown our international presence since inception and intend to continue to expand regionally as AI, DevOps and DevSecOps practices are increasingly adopted around the world. • Expand and develop our technology partnership ecosystem.

While also partners, cloud providers, such as Amazon Web Services (“AWS”), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality. • Security point solutions. Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype, and Black Duck.

By using JFrog Catalog as a database of open source packages and their advanced metadata, Curation applies policies to govern the admission of new package versions into the company’s repositories. • Hierarchical graph of software packages.

JFrog Curation acts as a firewall for open source and third party packages coming from public repositories. By using JFrog Catalog as a database of open source packages and their advanced metadata, Curation applies policies to govern the admission of new package versions into the company’s repositories. • Trusted, governed software supply chain releases.

See Part I, Item 1A, "Risk Factors" in this Annual Report on Form 10-K for a more comprehensive description of risks related to our intellectual property. Government Regulations Our business activities are subject to various federal, state, local and international laws, rules and regulations.

See Part I, Item 1A, "Risk Factors" in this Annual Report on Form 10-K for a more comprehensive description of risks related to our intellectual property.

By tracking against a database of known vulnerabilities, our platform provides continuous security and analysis of software packages in the development environment, making it less likely for vulnerable components to reach production. • Easy user plugins.

Signed evidence in Artifactory, including evidence originating from third parties, are used to evaluate and record promotion decisions. • Hierarchical graph of software packages. By tracking against a database of known vulnerabilities, our platform provides continuous security and analysis of software packages in the development environment, making it less likely for vulnerable components to reach production. • Easy user extensions.

Our subscription structure is aligned with the way we have built our product platform, with JFrog Artifactory at the core of each subscription and a portfolio of specific solutions and services that differ by subscription tier. Our pricing model aligns the value we deliver with our customers’ needs as they scale. 9 Table of Contents • Technology partnership ecosystem.

In addition, we have international operations and intend to continue to expand these operations, and effective patent, copyright, trademark, and trade secret protection may not be available or may be limited in foreign countries.

Our patents issued may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. In addition, we have international operations and intend to continue to expand these operations, and effective patent, copyright, trademark, and trade secret protection may not be available or may be limited in foreign countries.

Our platform supports a wide variety of enterprise-scale storage and retention capabilities and also accommodates spikes in usage without compromised performance. The JFrog Platform supports High Availability cluster configuration, in which redundant components are created to maximize network uptime and can therefore seamlessly serve nearly any number of concurrent users, build servers, and interactions. • Trusted and secure.

The JFrog Platform supports High Availability cluster configuration, in which redundant components are created to maximize network uptime and can therefore seamlessly serve nearly any number of concurrent users, build servers, and human or agentic interactions. • Trusted and secure.

JFrog Curation understands package metadata, allowing companies to build policies around the entry or blocking of software packages into a company’s repositories based on multiple factors such as age, version number, security risk, release timelines, target environments, and more.

Customers use JFrog Curation to build policies around the entry or blocking of any software packages into a company’s repositories based on multiple factors such as age, version number, security risk, release timelines, target environments, and other metadata. JFrog Curation relies on the JFrog Catalog of open-source package information, with over 4 million unique packages and their advanced metadata available.

We rely on a combination of copyrights and trade secret laws, confidentiality procedures, employment agreements, license agreements, invention assignment agreements, trademarks, and patents to establish and protect our intellectual property rights, including our proprietary technology, software, know-how, and brand. 14 Table of Contents As of December 31, 2024, we hold a number of active patents and have filed patent applications both in the U.S. and in other countries.

We rely on a combination of copyrights and trade secret laws, patents, confidentiality procedures, employment agreements, license agreements, invention assignment agreements, and trademarks to establish and protect our intellectual property rights, including our proprietary technology, software, know-how, and brand.

Research and development employees are located primarily in our Israel and India offices. Our research and development team consists of our architects, software engineers, security experts, DevOps engineers, AI and machine learning experts, product management, quali ty assurance, and data collection teams. We intend to continue to invest in our research and development capabilities to extend our platform and products.

Our most significant investments in research and development are to drive core technology innovation and bring new products to market. Research and development employees are located primarily in our Israel and India offices. Our research and development team consists of our architects, software engineers, security experts, DevOps engineers, AI/ML experts, product management, quali ty assurance, and data collection teams.

Available Information Our website address is https://www.jfrog.com, our investor relations website is https://investors.jfrog.com, our blog https://www.jfrog.com/blog and our X account is @JFrog. We have used, and intend to continue to use, our website, investor relations website, our blog and X accounts as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD.

We have used, and intend to continue to use, our website, investor relations website, our blog and X accounts as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD. More specifically, such disclosures will be included on our investor relations website under the heading “News” from time to time.

The SEC also maintains an Internet website that contains reports, proxy statements and other information about issuers, like us, that file electronically with the SEC. The address of that website is https://www.sec.gov. We webcast our earnings calls and certain events in which we participate or host with members of the investment community on our investor relations website.

These filings are also available for download free of charge on our investor relations website. The SEC also maintains an Internet website that contains reports, proxy statements and other information about issuers, like us, that file electronically with the SEC. The address of that website is https://www.sec.gov.

This complete process is often referred to as management and securing of the “software supply chain.” Since JFrog’s inception with the creation of the software package management category (“JFrog Artifactory”), we have consistently innovated and added new solutions to expand the capabilities of our platform in demand of modern enterprises. 6 Table of Contents The JFrog Platform Solutions JFrog Platform solutions enable enterprise DevOps, DevSecOps, and AI/MLOps development teams to efficiently and securely collaborate to deliver traceable and trusted software at near-infinite scale. • JFrog Artifactory.

JFrog Xray is able to understand software packages at a binary level, utilizing the metadata stored in JFrog Artifactory to accurately uncover potential vulnerabilities, policy violations, and open source software license compliance issues.

JFrog Xray analyzes software packages at a binary level, utilizing the metadata stored in JFrog Artifactory to accurately uncover potential vulnerabilities, policy violations, and open source software license compliance issues. JFrog Xray also provides unique security information to customers that is derived from a dedicated security research team that uncovers vulnerabilities in public and private repositories. • JFrog Advanced Security.

Our cloud-native platform supports public cloud, on-premise, private cloud, multi-cloud, and hybrid deployments, helping organizations avoid vendor lock-in and allowing software developers, security, machine learning, and IT operators across an organization to use our products in any environment.

We empower organizations to release AI technologies and software applications that are execution-ready across any number of different production environments. JFrog cloud-native platform supports public cloud, on-premises, private cloud, multi-cloud, and hybrid deployments, helping organizations avoid vendor lock-in and allowing software developers, security, AI/ML teams, and IT operators across an organization to use our products in any chosen environment.

Research and Development Our research and development organization is responsible for the design, development, testing, and delivery of new technologies, featu res, and integrations of our platform, as well as the continued improvement and iteration of our existing products. Our most significant investments in research and development are to drive core technology innovation and bring new products to market.

We may also expand into new technology or geographical markets and encounter additional competitors in such markets. Research and Development Our research and development organization is responsible for the design, development, testing, and delivery of new technologies, featu res, and integrations of our platform, as well as the continued improvement and iteration of our existing products.

JFrog ML is a platform-integrated solution designed for data science and MLOps teams to transform and store data, build, train, and deploy models, and monitor the entire Machine Learning pipeline as part of the JFrog Software Supply Chain Platform. 7 Table of Contents Benefits to Our Customers • End-to-end, unified platform.

JFrog ML is a platform-integrated solution designed for data science and AI/MLOps teams to transform and store data, build, train, secure, and deploy models, and monitor the entire Machine Learning and Artificial Intelligence pipelines (including public, bespoke, and large language models) as part of the JFrog Platform. • JFrog AI Catalog.

For example, we are subject to numerous laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other data. In addition, in some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S.

Government Regulations Our business activities are subject to various federal, state, local and international laws, rules and regulations. For example, we are subject to numerous laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other data.

JFrog serves demanding enterprises, leading companies to increasingly appoint JFrog as their system of record across their software development organizations. Software and the Business Environment Software’s role has changed from a functional tool to a cornerstone of nearly every company, dictating that the continuous development and release of software is now a mission-critical operation.

Software and the Business Environment Software’s role has changed from a functional tool to a cornerstone of nearly every company, dictating that the continuous development and release of software is now a mission-critical operation. Beyond providing competitive advantage for companies, the safety and security of data and operations is software-dependent and increasingly influenced by AI.

Workforce Health and Safety In addition to traditional employee benefits, we have implemented a number of initiatives to support the well-being, safety and health of our employees.

Workforce Health and Safety In addition to traditional employee benefits, we have implemented a number of initiatives to support the well-being, safety and health of our employees. We provide comprehensive health and wellness benefits appropriate for each jurisdiction in which we have employees. Additionally, we are committed to workplace safety and security through office maintenance, employee training, and emergency protocols.

End-to-end platform for development of machine learning applications and management of their versioned software components, including model and dataset registry, feature store, security scanning, model experiment tracking, model promotion, deployment, serving and monitoring. • Smart IoT updates.

The ability to have bi-directional content synchronization across multi-site, globally distributed repositories, used for disaster recovery and geo-location transparency. • Machine learning lifecycle management. End-to-end platform for development of ML applications and management of their versioned software components, including model and dataset registry, feature store, security scanning, model experiment tracking, model promotion, deployment, serving and monitoring.

JFrog Runtime Security is an optional add-on for select JFrog subscriptions that is designed to work seamlessly with other JFrog Security solutions. It offers insight into runtime environments (such as Kubernetes clusters), delivering full visibility and traceability of compromising software components for DevOps and Security teams. • JFrog Distribution.

It offers insight into runtime environments (such as Kubernetes clusters), delivering full visibility and traceability of potentially compromising software components for DevOps and Security teams. • JFrog Distribution. JFrog Distribution provides reliable, scalable, and secure software package distribution with enterprise-grade performance.

Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events, press and earnings releases, and blogs as part of our investor relations website. Further corporate governance information, including our corporate governance guidelines, code of business conduct and ethics, and committee charters is also available on our investor relations website.

Further corporate governance information, including our corporate governance guidelines, global code of business conduct and ethics, and committee charters is also available on our investor relations website.

We annually conduct talent reviews and succession planning and the Board of Directors receives updates from senior management regarding succession planning, management talent assessment, and employee attrition. The Compensation Committee of the Board oversees our approach to human capital and provides oversight of our overall compensation philosophy, policies, and programs, ensuring their respective alignment with our human capital strategy.

Employees and Human Capital Our Board of Directors and its committees share oversight of our human capital management strategy. We conduct talent reviews as well as annual succession planning and the Board of Directors receives updates from senior management regarding succession planning, management talent assessment, and employee attrition.

We utilize our proprietary technology to store and index metadata, allowing it to be queried for multiple uses such as package promotion, tagging, security, and more, which enables automation. This metadata is critical for organizations meeting new strict software bill of materials requirements. • Checksum-based storage.

Every package in JFrog Artifactory is stored and referenced using metadata, including dependencies, author, and date modified. We utilize our proprietary technology to store and index metadata, allowing it to be queried for multiple uses such as package promotion, tagging, security, and more, which enables automation.

The proliferation of open source software, and availability of newer and more efficient software development technologies such as AI technologies, enable organizations to produce software at an increasing rate. However, with speed can come software supply chain complexity through disparate services, adoption of containers, and deployment across hybrid and multi-cloud environments.

The proliferation of open source software, AI and ML models and availability of newer and more efficient software development technologies such as Agentic AI and Generative AI, enable organizations to produce software at an increasing rate.

… 84 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

200 edited+47 added−29 removed277 unchanged

2024 filing

2025 filing

Biggest changeSummary of Risk Factors Investing in our ordinary shares involves a high degree of risk because our business is subject to numerous risks and uncertainties, including those outside of our control that could cause our actual results to be harmed, including, but not limited to risks related to: • our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit, operating expenses, operating cash flow and free cash flow, and our ability to achieve, and maintain, future profitability; 17 Table of Contents • market acceptance of our products and our ability to develop new products or enhancements to existing products and to bring them to market in a timely manner; • the effects of increased competition in our markets and our ability to compete effectively; • anticipated trends, growth rates and challenges in our business and in the markets in which we operate; • our ability to maintain and expand our customer base, including by attracting new customers in existing and new markets; • our ability to maintain the security and availability of our products; • our ability to comply with stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security; • our business model, including our subscription model, and our ability to effectively manage our growth and associated investments; • our ability to integrate and realize anticipated synergies from acquisitions of complementary businesses; • beliefs and objectives for future operations, including regarding our market opportunity; • our relationships with third parties, including our technology partners and cloud providers; • our ability to maintain, protect, and enhance our intellectual property rights; • our expectations about the impact of unfavorable economic conditions, and adverse macroeconomic conditions, such as inflation rates and slower growth or recession, on our business and financial condition; • your rights and responsibilities as our shareholders that are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations; • our ability to maintain an effective system of disclosure controls and internal control over financial reporting, and to produce timely and accurate financial statements or comply with applicable regulations; • our expectations about the impact of global economic disruptions resulting from natural disasters, public health epidemics, protests or riots, and geopolitical tensions or war, such as the war between Hamas, Hezbollah, and Israel, regional conflict in the Middle East, and the war in Ukraine, on our business, results of operations and financial condition; • our ability to successfully defend litigation brought against us; • our ability to attract and retain qualified employees and key personnel; • the sufficiency of our cash and cash equivalents to meet our liquidity needs; • our ability to comply with laws and regulations that currently apply or become applicable to our business in Israel, the United States and internationally; • changes in effective tax rates or laws applicable us, including under the laws of Israel, the U.S., and other jurisdictions in which we may be subject to taxation; and • the future trading prices of our ordinary shares. 18 Table of Contents Risks Related to Our Business and Industry Our business and operations have experienced significant growth, and if we do not appropriately manage future growth, if any, or are unable to improve and scale our systems, processes, and controls, our business, financial condition, results of operations, and prospects will be adversely affected.

Biggest changeSummary of Risk Factors Investing in our ordinary shares involves a high degree of risk because our business is subject to numerous risks and uncertainties, including those outside of our control that could cause our actual results to be harmed, including, but not limited to risks related to: • our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit, operating expenses, operating cash flow and free cash flow, and our ability to achieve, and maintain, future profitability; • customers’ adoption of our products and our ability to develop new products or enhancements to existing products and to bring them to market in a timely manner; • the effects of increased competition in our markets and our ability to compete effectively; • anticipated trends, growth rates and challenges in our business and in the markets in which we operate; • our ability to maintain and expand our customer base, including by attracting new customers in existing and new markets; • our ability to maintain the security and availability of our products; • our ability to comply with stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security; • our business model, including our subscription model, and our ability to effectively manage our growth and associated investments; • our ability to integrate and realize anticipated synergies from acquisitions of complementary businesses; • beliefs and objectives for future operations, including regarding our market opportunity; • our relationships with third parties, including our technology partners and cloud providers; • our ability to maintain, protect, and enhance our intellectual property rights; • our expectations about the impact of unfavorable economic conditions, and adverse macroeconomic conditions, such as inflation rates and slower growth or recession, on our business and financial condition; • your rights and responsibilities as our shareholders that are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations; • our ability to maintain an effective system of disclosure controls and internal control over financial reporting, and to produce timely and accurate financial statements or comply with applicable regulations; 18 Table of Contents • our expectations about the impact of global economic disruptions resulting from natural disasters, public health epidemics, protests or riots, and geopolitical tensions, such as the imposition of tariffs and other non-tariff trade barriers, or regional conflict on our business, results of operations and financial condition; • our ability to successfully defend litigation brought against us; • our ability to attract and retain qualified employees and key personnel; • the sufficiency of our cash and cash equivalents to meet our liquidity needs; • our ability to comply with laws and regulations that currently apply or become applicable to our business in Israel, the United States and internationally; • changes in effective tax rates or laws applicable us, including under the laws of Israel, the U.S., and other jurisdictions in which we may be subject to taxation; and • the future trading prices of our ordinary shares.

In addition, if a breach of data security were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection, or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected.

In addition, if a security breach or incident were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection, or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected.

As a result, these shareholders, acting together, will have control over certain matters that require approval by our shareholders, including matters such as the appointment and dismissal of directors, capital increases, amendment to our articles of associations, and approval of certain corporate transactions. Corporate action might be taken even if other shareholders oppose them.

As a result, these shareholders, acting together, will likely have control over certain matters that require approval by our shareholders, including matters such as the appointment and dismissal of directors, capital increases, amendment to our articles of associations, and approval of certain corporate transactions. Corporate action might be taken even if other shareholders oppose them.

The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Travel Act, the USA PATRIOT Act, the United Kingdom Bribery Act 2010, the Proceeds of Crime Act 2002, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 1977, the Israeli Prohibition on Money Laundering Law–2000 and possibly other anti-bribery and anti-money laundering laws in countries outside of the U.S. in which we conduct our activities.

Travel Act, the USA PATRIOT Act of 2001, the United Kingdom Bribery Act 2010, the Proceeds of Crime Act 2002, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 1977, the Israeli Prohibition on Money Laundering Law–2000 and possibly other anti-bribery and anti-money laundering laws in countries outside of the U.S. in which we conduct our activities.

These defects, security vulnerabilities, errors, or performance failures could cause breach of contractual provisions, thereby exposing us to liabilities, termination of agreements, loss of customers or revenue, order cancellations, service terminations, damage to our reputation, or lack of market acceptance of our products.

These defects, security vulnerabilities, errors, or other performance failures could cause breach of contractual provisions, thereby exposing us to liabilities, termination of agreements, loss of customers or revenue, order cancellations, service terminations, damage to our reputation, or lack of market acceptance of our products.

Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, cash flow, and deferred revenue, have fluctuated from quarter to quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful.

Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, and cash flow, have fluctuated from quarter to quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful.

If we or other software and SaaS providers experience security incidents, loss of customer data, or disruptions in delivery or service, the market for these applications as a whole, including our platform and products, may be negatively affected.

You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Result of Operations” and our audited consolidated financial statements and the related notes thereto, before making a decision to invest in our ordinary shares.

You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our audited consolidated financial statements and the related notes thereto, before making a decision to invest in our ordinary shares.

Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims by third parties against customers, alleging intellectual property infringement, misappropriation or violation, or other liabilities relating to or arising from our software, services or other contractual obligations.

Our agreements with customers and other third parties generally include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims by third parties against customers, alleging intellectual property infringement, misappropriation or violation, or other liabilities relating to or arising from our software, services or other contractual obligations.

We have in the past and may in the future need to issue corrective releases of our products to fix these defects, errors, or performance failures, and develop processes and controls which could require us to allocate significant research and development and customer support resources to address these problems.

We have in the past and may in the future need to issue corrective releases of our products to fix these defects, errors, security vulnerabilities, or performance failures, and develop processes and controls which could require us to allocate significant research and development and customer support resources to address these problems.

Risks Related to Foreign Operations Our international operations and expansion expose us to risks. Our primary research and development operations are located in Israel. As of December 31, 2024, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce.

Risks Related to Foreign Operations Our international operations and expansion expose us to risks. Our primary research and development operations are located in Israel. As of December 31, 2025, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce.

Suppliers of the third-party AI models we use in our products and business could terminate their relationship with us, cease to make certain models available to us, or make certain models more expensive for us to use. AI technology also may be the subject of new or modified legal and regulatory obligations.

Suppliers of the third-party AI models we use in our platform and business could terminate their relationship with us, cease to make certain models available to us, or make certain models more expensive for us to use. AI technology also may be the subject of new or modified legal and regulatory obligations.

Because our customers rely on our products to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our products or our failure to train customers on how to use our products productively has in the past and may in the future result in customer dissatisfaction and negative publicity and may adversely affect our reputation and brand.

Our operations in China are subject to a number of risks relating to China’s economic and political systems, including but not limited to: • A government-controlled foreign exchange rate and limitations on the convertibility of the Chinese Renminbi; • Uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights and the practical difficulties of enforcing such rights; • Ability to secure our business proprietary information located in China from unauthorized acquisition; • Extensive government regulation; • Changing governmental policies relating to tax benefits available to foreign-owned businesses; • A relatively uncertain legal system; • Application of and limitations related to the DSL and PIPL regulations over processing of data and personal data within China as well as cross-border data transfers and other activities outside of China; and • Instability related to continued economic, political, and social reform.

Our operations in China are subject to a number of risks relating to China’s economic and political systems, including but not limited to: • a government-controlled foreign exchange rate and limitations on the convertibility of the Chinese Renminbi; • uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights and the practical difficulties of enforcing such rights; • ability to secure our business proprietary information located in China from unauthorized acquisition; • extensive government regulation; • changing governmental policies relating to tax benefits available to foreign-owned businesses; • a relatively uncertain legal system; • application of and limitations related to the Data Security Law of 2021 and Personal Information Protection Law of 2021 regulations over processing of data and personal data within China as well as cross-border data transfers and other activities outside of China; and • instability related to continued economic, political, and social reform.

Accordingly, it is difficult to predict customer adoption and renewals and demand for our platform and our products, the entry of competitive products, the success of existing competitive products, or the future growth rate, expansion, longevity, and the size of the DevOps, DevSecOps, MLOps, and software release management software markets.

Accordingly, it is difficult to predict customer adoption and renewals and demand for our products, the entry of competitive products, the success of existing competitive products, or the future growth rate, expansion, longevity, and the size of the DevOps, DevSecOps, AI/MLOps, and software release management software markets.

Our platform consists of multiple products in DevOps, DevSecOps, and MLOps, and we compete in each product category as well as at the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology.

Our platform consists of multiple products in DevOps, DevSecOps, DevGovOps, and AI/MLOps, and we compete in each product category as well as at the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology.

In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots, and other geopolitical unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole.

In addition, acts of terrorism, pandemics (such as the outbreak of the novel coronavirus or another public health crisis), protests, riots, armed conflict, and other geopolitical unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole.

It is uncertain whether these channel partners will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders or whether they will continue to work with us long-term. 25 Table of Contents While also partners, public cloud providers (AWS, Azure and Google Cloud) may compete with a subset of JFrog functionality.

It is uncertain whether these channel partners will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders or whether they will continue to work with us long-term. While also partners, public cloud providers (AWS, Azure and Google Cloud) may compete with a subset of JFrog functionality.

Our use of AI technologies may expose us to additional claims, demands, and proceedings by private parties, customers, and regulatory authorities and subject us to legal liability as well as brand and reputational harm, confidentiality or security risks, competitive harm, ethical and social concerns, or other complications that 32 Table of Contents could adversely affect our business, reputation, or financial results.

Our use of AI technologies may expose us to additional claims, demands, and proceedings by private parties, customers, and regulatory authorities and subject us to legal liability as well as brand and reputational harm, confidentiality or security risks, competitive harm, ethical and social concerns, or other complications that could adversely affect our business, reputation, or financial results.

Case law clarifies that the right to receive consideration for “service inventions” 34 Table of Contents can be waived by the employee and that, in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws.

Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that, in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws.

Further, the process for obtaining necessary licenses may be time-consuming or unsuccessful, potentially causing delays in sales or losses of sales opportunities. Trade Controls are complex and dynamic regimes, and monitoring and ensuring compliance can be challenging, particularly given that our products are widely distributed throughout the world and are available for download without registration.

Further, the process for obtaining necessary licenses may be time-consuming or unsuccessful, potentially causing delays in sales or losses of sales opportunities. Trade Controls are complex and dynamic 41 Table of Contents regimes, and monitoring and ensuring compliance can be challenging, particularly given that our products are widely distributed throughout the world and are available for download without registration.

Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements. 40 Table of Contents While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws.

Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements. While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws.

Our products are inherently complex and, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, especially when first introduced, or not perform as contemplated.

Our products are inherently complex and, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, or security vulnerabilities, especially when first introduced, or not perform as contemplated.

Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry, or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks.

Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry, or operations, may lead 39 Table of Contents to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks.

Any disruption in the business of our partners or 49 Table of Contents customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate.

Any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate.

Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect with regard to our practices or measures in these areas, may negatively impact public sector demand for our products.

Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights.

Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our platform is available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights.

Additionally, if third parties we work with violate applicable laws, regulations, or contractual obligations, such violations may 38 Table of Contents put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by privacy advocacy groups or others, and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business.

Additionally, if third parties we work with violate applicable laws, regulations, or contractual obligations, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by privacy advocacy groups or others, and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business.

Further, in the event a court finds the exclusive forum provision contained in our amended and restated Articles of Association to be unenforceable or 45 Table of Contents inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations.

Further, in the event a court finds the exclusive forum provision contained in our amended and restated Articles of Association to be unenforceable or inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations.

We typically provide service-level commitments under our subscription agreements. If we fail to meet these or materially breach other contractual commitments, we could face liabilities or subscription termination with refunds of prepaid amounts, which would decrease our revenue and harm our business, financial condition, and results of operations. Our subscription agreements typically contain service-level commitments.

We provide service-level commitments under our subscription agreements. If we fail to meet these or materially breach other contractual commitments, we could face liabilities or subscription termination with refunds of prepaid amounts, which would decrease our revenue and harm our business, financial condition, and results of operations. Our cloud subscription agreements contain uptime commitments.

We have also registered the offer and sale of all ordinary shares that we may issue under our equity compensation plan and employee stock purchase plan. The issuance of additional shares in connection with financings, acquisitions, investments, our share incentive plans or otherwise will dilute all other shareholders.

We have also registered the offer and sale of all ordinary shares that we may issue under our equity compensation plan and employee stock purchase plan. 45 Table of Contents The issuance of additional shares in connection with financings, acquisitions, investments, our share incentive plans or otherwise will dilute all other shareholders.

If we do not have sufficient rights to use the output of such AI and machine learning tools, or other data or content on which the AI and machine learning tools we use rely, we also may incur liability by violation of applicable laws and regulations, third-party intellectual property or other rights, or contracts to which we are a party.

If we do not have sufficient rights to use the output of such AI and ML tools, or other data or content on which the AI and ML tools we use rely, we also may incur liability by violation of applicable laws and regulations, third-party intellectual property or other rights, or contracts to which we are a party.

We believe that our ability to compete successfully depends upon many factors both within and beyond our control, including, but not limited to, the following: • ability to provide an end-to-end, unified platform solution for the DevOps, MLOps and DevSecOps workflows; • ability to provide updated security products to create and maintain trusted software releases; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; 22 Table of Contents • extensibility across organizations, including software developers, security teams, machine learning engineers, data scientists, and IT operators; • ability to enable collaboration between software developers, security teams, and IT operators; • ability to deploy our products in any combination of cloud, multi-cloud, on-premise, or hybrid environments; • performance, security, scalability, and reliability; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation.

We believe that our ability to compete successfully depends upon many factors both within and beyond our control, including, but not limited to, the following: • ability to provide an end-to-end, unified platform solution for the DevOps, DevSecOps, DevGovOps, and AI/MLOps workflows; • ability to provide updated security products to create and maintain trusted software releases; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, machine learning engineers, data scientists, and IT operators; • ability to enable collaboration between software developers, security teams, and IT operators; • ability to deploy our products in any combination of cloud, multi-cloud, on-premises, or hybrid environments; • performance, security, scalability, and reliability; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation.

Accordingly, it is not possible to predict all of the risks related to the use of AI and machine learning technologies that we may face, and changes in laws, rules, directives, and regulations governing the use of AI and machine learning technologies may adversely affect our ability to use or sell these technologies or subject us to legal liability.

Accordingly, it is not possible to predict all of the risks related to the use of AI and ML technologies that we may face, and changes in laws, rules, directives, and regulations governing the use of AI and ML technologies may adversely affect our ability to use or sell these technologies or subject us to legal liability.

The Israeli Privacy Protection Law, 1981 (PPL), and its regulations, including but not limited to the Israeli Privacy Protection Regulations (Data Security) 2017 (Security Regulations) impose obligations regarding processing, transferring and securing of personal data.

The Israeli Privacy Protection Law, 1981 (“PPL”), and its regulations, including but not limited to the Israeli Privacy Protection Regulations (Data Security) 2017 (Security Regulations) impose obligations regarding processing, transferring and securing of personal data.

Further, any provisions in our customer and user agreements, contracts with our vendors and service providers, or other contracts relating to limitations of liability, may not be enforceable or adequate or otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter.

Further, any provisions in our customer and user agreements, contracts with our vendors and service providers, or other contracts relating to limitations of liability, may not be enforceable or adequate or otherwise protect us from any liabilities or damages relating to a security breach or other security-related matter.

Because a material part of our research and development is conducted in Israel and certain members of our board of directors and management (as well as more than half of our employees and consultants) are located in Israel, our business and operations could be affected by economic, political, geopolitical, and military conditions in Israel.

A material part of our research and development activities is conducted in Israel and certain members of our board of directors and management, as well as more than half of our employees and consultants, are located in Israel. As a result, our business and operations could be affected by economic, political, geopolitical, and military conditions in Israel.

Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations. 31 Table of Contents A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations. A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively.

We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with cloud providers, technology partners, other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively.

In addition, our customers and users may also disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data, including information about their software, source code, and security environment, stored within our products.

In addition, our customers and users may disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data, including information about their software, source code, and security environment, stored within our products and associated systems.

As of the date of this Annual Report on Form 10-K, the full impact of the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain.

As of the date of this Annual Report on Form 10-K, the full impact of the regional conflict in the Middle East, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain.

If DevOps, DevSecOps, MLOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological 21 Table of Contents challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology or other spending, the market for our platform and products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations.

If DevOps, DevSecOps, DevGovOps, AI/MLOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology or other spending, the market for our products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations.

Government demand and payment for our products may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products.

Government demand and payment for our platform may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our platform.

In addition, if our subscriptions change, then we may need to revise our pricing 29 Table of Contents strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations, and financial condition.

In addition, if our subscriptions change, then we may need to revise our pricing strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations, and financial condition.

You should not rely on the results of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect our revenue growth rate to decline in future periods.

You should not rely on the results of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, our revenue growth rate may decline in future periods.

Moreover, recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.

Moreover, recent hires 29 Table of Contents and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.

We may not be able to anticipate how to respond to rapidly evolving legal frameworks, and we may have to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks on AI and machine learning technologies are not consistent across jurisdictions.

We may not be able to anticipate how to respond to rapidly evolving legal frameworks, and we may have to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks on AI and ML technologies are not consistent across jurisdictions.

If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our 23 Table of Contents products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed.

If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our platform and products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed.

Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive activities of the former employee will harm one of a limited number of material interests of the employer that have been recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property.

Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive 25 Table of Contents activities of the former employee will harm one of a limited number of material interests of the employer recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property.

The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results 24 Table of Contents of operations.

We believe that developing and maintaining widespread awareness of our brand, especially with developers, security teams, data scientists, and IT operators, is critical to achieving widespread acceptance of our software and attracting new users and 28 Table of Contents customers.

Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our products.

Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our platform.

Subject to prior approval of the IIA, we may transfer the IIA-funded know-how to another Israeli company. If the IIA-funded know-how is transferred to another Israeli entity, the transfer would still require IIA approval but will not be 47 Table of Contents subject to the payment of the redemption fee.

The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including but not limited to: • actual or anticipated changes or fluctuations in our results of operations; • the financial projections we may provide to the public, any changes in these projections, or our failure to meet these projections; • announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships, or capital commitments; 43 Table of Contents • industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • sales or expected future sales of our ordinary shares; • investor perceptions of us and the industries in which we operate; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; • actual or perceived breaches of, or failures relating to, privacy, data protection, or data security; • new laws or regulations or new interpretations of existing laws or regulations applicable to our business; • any major changes in our management or our board of directors; • general economic conditions, the recent global economic downturn and slow or negative growth of our markets; and • other events or factors, including those resulting from war, including the war between Israel, Hamas and Hezbollah, incidents of terrorism or responses to these events.

The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including but not limited to: • actual or anticipated changes or fluctuations in our results of operations; • the financial projections we may provide to the public, any changes in these projections, or our failure to meet these projections; • announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships, or capital commitments; • industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • sales or expected future sales of our ordinary shares; • investor perceptions of us and the industries in which we operate; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; 44 Table of Contents • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; • actual or perceived breaches of, or failures or other incidents relating to, privacy, data protection, or data security; • new laws or regulations or new interpretations of existing laws or regulations applicable to our business; • any major changes in our management or our board of directors; • general economic conditions, including the imposition of tariffs and other non-tariff trade barriers and any global economic downturn and slow or negative growth of our markets; and • other events or factors, including those resulting from the regional conflicts and incidents of terrorism or responses to these events.

Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, malicious access or delivery of ransomware or other malicious software to our customers, AI risks, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks.

Despite our efforts, our systems and those of our vendors, service providers, and strategic partners are vulnerable to computer malware, malicious access or delivery of ransomware or other malicious software to our customers, AI risks, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, supply chain attacks, OAuth abuse, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks and other sources of security breaches and incidents.

Any limitation of liability provisions that may be contained in our customer, user, third-party vendor, service provider, and partner agreements may not be accepted by customers, users, third-party vendors, service providers, and partners, or enforceable or adequate or effective as a result of existing or future applicable law or unfavorable judicial decisions, and they may not function to limit our liability arising from regulatory enforcement.

Any limitation of liability provisions that may be contained in our customer, third-party vendor, service provider, and partner agreements may not be accepted by customers, third-party vendors, service providers, and partners, or enforceable or adequate 27 Table of Contents or effective as a result of existing or future applicable law or unfavorable judicial decisions, and they may not function to limit our liability arising from regulatory enforcement.

Additionally, AI may create content that appears correct, but is factually inaccurate, insufficient, poor quality, flawed, or contain other errors or inadequacies, any of which may not be easily detectable. AI and machine learning technologies have been known to produce false or hallucinatory inferences or outputs.

Additionally, AI may create content that appears correct, but is factually inaccurate, biased, insufficient, poor quality, flawed, or contain other errors or inadequacies, any of which may not be easily detectable. AI and ML technologies have been known to produce false or hallucinatory inferences or outputs.

We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our ordinary shares in the foreseeable future.

If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged.

If our partners do not effectively assist our government entity customers in deploying our platform, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to expand and to sell to new and existing government entity customers would be adversely affected and our reputation could be damaged.

If we cannot achieve profitability, our business, financial condition, and results of operations may suffer. Although we have achieved positive operating cash flow and free cash flow, we have incurred annual losses since our inception. We incurred a net loss of $69.2 million, $61.3 million and $90.2 million in the years ended December 31, 2024, 2023 and 2022, respectively.

If we cannot achieve profitability, our business, financial condition, and results of operations may suffer. Although we have achieved positive operating cash flow and free cash flow, we have incurred annual losses since our inception. We incurred a net loss of $71.8 million, $69.2 million and $61.3 million in the years ended December 31, 2025, 2024 and 2023, respectively.

Our vendors and service providers have been and, in the future may be, the targets of cyberattacks, malicious software, supply chain attacks, phishing schemes, fraud, and other risks to the confidentiality, security, and integrity of their systems and the data they process for us.

There also have been and may continue to be significant supply chain attacks. Our vendors and service providers have been and, in the future may be, the targets of cyberattacks, malicious software, supply chain attacks, phishing schemes, fraud, and other risks to the confidentiality, security, and integrity of their systems and the data they process for us.

Further, any significant change to applicable laws, regulations, or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the 37 Table of Contents manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features.

Further, any significant change to applicable laws, regulations, or industry practices relating to privacy, data protection, cybersecurity, AI, data security, or the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features.

Any political or trade controversy between the U.S. and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position, and financial performance.

Any new or worsening of current political or trade controversy between the U.S. and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position, and financial performance.

Not all of our directors or officers are residents of the U.S. Most of our assets and those of our non-U.S. directors and officers are located outside the U.S. Service of process upon us or our non-U.S. resident directors and officers may be difficult to obtain within the U.S.

Most of our assets and those of our non-U.S. directors and officers are located outside the U.S. Service of process upon us or our non-U.S. resident directors and officers may be difficult to obtain within the U.S.

For example, AI and machine learning may change the way our industry operates, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage.

For example, AI and ML may change the way our industry operates, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage.

Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs.

Additionally, if we increase our activities outside 43 Table of Contents of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs.

We incur significant costs in an effort to detect and prevent security breaches and other security-related incidents, including those to secure our product development, test, evaluation, and deployment activities, and we expect our costs will increase as we make improvements to our systems and processes to prevent future breaches and incidents.

We incur substantial costs in an effort to detect and prevent security breaches and other security-related incidents, including those to secure our product development, test, evaluation, and deployment activities, and we expect our costs will increase as we make improvements to our relevant systems and processes.

We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including strengthening our customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, and continuing to develop our technology.

New laws, decisions, and guidance regarding AI technologies may limit our ability to use AI models, or require us to make changes to our operations or products, which would result in an increase to operating costs and hinder our ability to improve our products.

New laws, decisions, and guidance regarding AI technologies may limit our ability to use AI models, or require us to make changes to our operations or platform, which would result in an increase to operating costs and hinder our ability to improve our offering to our customers.

The expansion of, and our ability to penetrate, these evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security.

The expansion of, and our ability to penetrate, these evolving markets depends on a number of factors, including, but not limited to, the cost, performance, and perceived value associated with DevOps, DevSecOps, DevGovOps, and AI/MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security.

The extent and continued impact of the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the wars; the impact of the wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control.

The regional conflict in the Middle East, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the conflicts and wars; the impact of the conflicts and wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control.

Our current international operations involve, and we expect future initiatives will involve, a variety of risks, including: • challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs; • different labor regulations, especially in Israel, the EU and India, where labor laws are generally more advantageous to employees as compared to the U.S., including differing hourly wages and overtime regulations in these locations; • exposure to many stringent and potentially inconsistent worldwide and industry-specific laws and regulations applicable to JFrog, directly or through customer contractual obligations relating to privacy, data protection, cybersecurity, AI, and data security; • unexpected changes in practices, tariffs, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions; • changes in a specific country’s or region’s political or economic conditions, such as the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine and associated geopolitical tensions, as well as economic sanctions the U.S., the EU, and other countries have imposed on Russia and certain of its allies and the impact of the foregoing on the global economy; • risks resulting from changes in currency exchange rates, in particular, fluctuations in the value of the NIS compared to the U.S. dollar; • risks relating to the implementation of exchange controls, including restrictions promulgated by the OFAC, and other similar trade protection regulations and measures in the U.S., the EU, or in other jurisdictions; • reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited; • slower than anticipated availability and adoption of cloud and hybrid infrastructures by international businesses; • limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries; • limited or unfavorable intellectual property protection; and • exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S.

Our current international operations involve, and we expect future initiatives will involve, a variety of risks, including: • challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs; • different labor regulations, especially in Israel, the EU, Asia, and India, where labor laws are generally more advantageous to employees as compared to the U.S., including complex termination processes, differing hourly wages and overtime regulations in these locations; • exposure to many stringent and potentially inconsistent worldwide and industry-specific laws and regulations applicable to JFrog, directly or through customer contractual obligations relating to privacy, data protection, cybersecurity, AI, and data security; • unexpected changes in practices, tariffs, including recent tariffs on certain countries by the U.S. government, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions; • changes in a specific country’s or region’s political or economic conditions, such as the regional conflicts and associated geopolitical tensions, as well as economic sanctions the U.S., the EU, and other countries have imposed on Russia and certain of its allies and the impact of the foregoing on the global economy; • risks resulting from changes in currency exchange rates, in particular, fluctuations in the value of the NIS compared to the U.S. dollar; • risks relating to the implementation of exchange controls and trade compliance, including restrictions promulgated by the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), and other similar trade protection regulations and measures in the U.S., the EU, or in other jurisdictions; • reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited; • slower than anticipated availability and adoption of cloud and hybrid infrastructures by international businesses; • limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries; • limited or unfavorable intellectual property protection; and • exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S.

Our customers’ renewals may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, the frequency and severity of product outages, our product uptime or latency, the pricing of our, or competing, products, additional new features and capabilities that we offer, new integrations, and updates to our products as a result of updates by technology partners.

Our customers’ renewals may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, the frequency and severity of product outages (including, without limitation, possible outages with public cloud providers), our product uptime or latency, the pricing of our, or competing, products, additional new features and capabilities that we offer, new integrations, and updates to our products as a result of updates by technology partners.

Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours.

Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our platform, in whole or in part, and use information that we regard as proprietary to create offerings that compete with ours.

In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, the revenue and results of operations of the combined company could be adversely affected.

In addition, if we are unsuccessful at integrating future acquisitions, including retaining employees of the acquired company, or the technologies associated with such acquisitions, the revenue and results of operations of the combined company could be adversely affected.

Our actual or perceived failure to achieve some or all of these initiatives, goals, or commitments or maintain sustainability or governance practices that meet evolving stakeholder expectations or regulatory requirements could harm our reputation, adversely impact our ability to attract and retain employees or customers, and expose us to increased scrutiny from sustainability and governance-focused investors, regulatory authorities, and others, or subject us to liability.

Our actual or perceived failure to achieve some or all of these initiatives, goals, or commitments or maintain sustainability or governance practices that meet evolving stakeholder expectations or regulatory requirements could harm our reputation (including, without limitation, impacts to any related ratings), adversely impact our ability to attract and retain employees or customers, and expose us to increased scrutiny from sustainability and governance-focused investors, regulatory authorities, and others, or subject us to liability.

Factors that may cause fluctuations in our quarterly financial results include, but not limited to: • our ability to attract and retain new customers; • the loss of existing customers; • renewals and timing of renewals; • customer usage of our products; • customer satisfaction with our products and platform capabilities and customer support; • our ability to expand sales within our existing customers; • our ability to gain new partners and retain existing partners; • increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements; • our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers; • general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation and currency fluctuation; • fluctuations in share-based compensation expense, including as a result of our acquisition activity; • decisions by potential or existing customers to purchase alternative solutions; • decisions by potential customers to develop in-house DevOps, DevSecOps, and MLOps solutions as alternatives to our products; • the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers, or partners; • the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources; • network outages; • actual or perceived breaches of, or failures relating to, privacy, data protection, e-marketing, cookies, cybersecurity, data breach notification, or data security; • mergers and acquisitions that might affect our customer base, including the consolidation of affiliates’ multiple paid business accounts into a single paid business account; • the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; • changes in our pricing policies or those of our competitors; 20 Table of Contents • fluctuations in the growth rate of the overall market that our products address; • the budgeting cycles and purchasing practices of customers; • the business strengths or weakness of our customers; • our ability to collect timely on invoices or receivables; • the cost and potential outcomes of future litigation or other disputes; • future accounting pronouncements or changes in our accounting policies; • our ability to successfully expand our business in the U.S. and internationally; • fluctuations in the mix of our revenue between self-managed subscriptions and SaaS subscriptions; • our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments; • fluctuations in foreign currency exchange rates; and • the impact of political uncertainty or unrest, including the Russia-Ukraine war, the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, other areas of geopolitical tension around the world, including Syria, or the worsening of such conflicts or tensions and any related global economic disruptions.

Factors that may cause fluctuations in our quarterly financial results include, but not limited to: • our ability to attract and retain new customers; • the loss of existing customers; • renewals and timing of renewals; • customer usage of our products; • customer satisfaction with our product capabilities and customer support; 20 Table of Contents • our ability to expand sales within our existing customers; • our ability to gain new partners and retain existing partners; • customers may increase or decrease the number of elements of our subscriptions or may negotiate pricing changes upon any renewals of customer subscriptions; • our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers; • general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation and currency fluctuation; • fluctuations in share-based compensation expense, including as a result of our acquisition activity; • decisions by potential or existing customers to purchase alternative solutions; • decisions by potential customers to develop in-house DevOps, DevSecOps, DevGovOps, and MLOps solutions as alternatives to our products; • the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers, or partners; • the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources; • resulting downtime from network outages (including, without limitation, possible outages with public cloud providers); • actual or perceived breaches of, or failures relating to, privacy, data protection, e-marketing, cookies, cybersecurity, data breach notification, or data security; • mergers and acquisitions that might affect our customer base, including the consolidation of affiliates’ multiple paid business accounts into a single paid business account; • the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; • changes in our pricing policies or those of our competitors; • fluctuations in the growth rate of the overall market that our products address; • the budgeting cycles and purchasing practices of customers; • the business strengths or weakness of our customers; • our ability to collect timely on invoices or receivables; • the cost and potential outcomes of future litigation or other disputes; • future accounting pronouncements or changes in our accounting policies; • our ability to successfully expand our business in the U.S. and internationally; • fluctuations in the mix of our revenue between self-managed subscriptions and SaaS subscriptions; • our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments; • fluctuations in foreign currency exchange rates; and 21 Table of Contents • the impact of political uncertainty or unrest, other areas of geopolitical tension around the world, or the worsening of regional conflicts or tensions and any related global economic disruptions, including as a result of the imposition of tariffs and other non-tariff trade barriers.

If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with certain credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied.

If we are unable to meet the stated uptime commitments under our customer subscription agreements, we may be contractually obligated to provide these customers with certain credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied.

Any perception of privacy, data security, cybersecurity, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations.

Any perception of concerns relating to these matters or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations.

… 196 more changes not shown on this page.

Item 2. Properties

Properties — owned and leased real estate

1 edited+0 added−1 removed1 unchanged

2024 filing

2025 filing

Biggest changeWe lease approximately 49,000 square feet of office space in Sunnyvale under leases expiring through 2026, and approximately 52,000 square feet of office space in Netanya under a lease expiring in 2026. 51 Table of Contents We lease all of our facilities and do not own any real property.

Biggest changeItem 2. Properties We are co-headquartered in Sunnyvale, California and in Netanya, Israel. We lease approximately 64,000 square feet of office space in Sunnyvale under leases expiring through 2031, and approximately 52,000 square feet of office space in Netanya under a lease expiring in 2026. We lease all of our facilities and do not own any real property.

Removed

Item 2. Properties We are co-headquartered in Sunnyvale, California and in Netanya, Israel.

Item 3. Legal Proceedings

Legal Proceedings — active lawsuits and investigations

1 edited+0 added−0 removed0 unchanged

2024 filing

2025 filing

Biggest changeItem 3. Legal Proceedings The information set forth under the heading “Legal Proceedings” in Note 11 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference. Item 4. Mine Safety Disclosures Not applicable. 52 Table of Contents PART II

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

3 edited+0 added−1 removed4 unchanged

2024 filing

2025 filing

Biggest changeAll values assume a $100 initial investment and data for the S&P 500 Composite Index and the S&P Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our ordinary share.

Biggest changeThe graph below compares the cumulative five-year total stockholder return on our ordinary shares with that of the S&P 500 Index and the S&P 500 Information Technology Index. All values assume a $100 initial investment and data for the S&P 500 Composite Index and the S&P Information Technology Index assume reinvestment of dividends.

Holders of Record As of February 5, 2025, we had 37 holders of record of our Ordinary Shares. The actual number of holders is greater than this number of record holders and includes holders who are beneficial owners but whose shares are held in street name by brokers and other nominees.

Holders of Record As of February 6, 2026, we had 24 holders of record of our Ordinary Shares. The actual number of holders is greater than this number of record holders and includes holders who are beneficial owners but whose shares are held in street name by brokers and other nominees.

Unregistered Sales of Equity Securities None. 53 Table of Contents Issuer Purchases of Equity Securities None. Item 6. [Reserved]

The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our ordinary share. Unregistered Sales of Equity Securities None. 54 Table of Contents Issuer Purchases of Equity Securities None. Item 6. [Reserved]

Removed

The graph below compares the cumulative total stockholder return on our ordinary share from September 16, 2020 (the date our ordinary share commenced trading on the Nasdaq) through December 31, 2024 with the cumulative total return on the S&P 500 Index and the S&P 500 Information Technology Index.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

48 edited+9 added−13 removed48 unchanged

2024 filing

2025 filing

Biggest changeResults of Operations The following tables set forth selected consolidated statements of operations data and such data as a percentage of total revenue for each of the periods indicated: Year Ended December 31, 2024 2023 2022 (in thousands) Revenue: Subscription—self-managed and SaaS $ 406,903 $ 330,193 $ 261,452 License—self-managed 21,585 19,693 18,588 Total subscription revenue 428,488 349,886 280,040 Cost of revenue: Subscription—self-managed and SaaS (1)(2)(3) 97,758 76,244 61,407 License—self-managed (2) 542 799 880 Total cost of revenue—subscription 98,300 77,043 62,287 Gross profit 330,188 272,843 217,753 Operating expenses: Research and development (1)(3) 160,864 134,584 121,225 Sales and marketing (1)(2)(3) 190,401 150,675 130,812 General and administrative (1)(3)(4) 70,021 63,132 55,556 Total operating expenses 421,286 348,391 307,593 Operating loss (91,098 ) (75,548 ) (89,840 ) Interest and other income, net 25,278 21,032 5,094 Loss before income taxes (65,820 ) (54,516 ) (84,746 ) Income tax expense 3,416 6,740 5,438 Net loss $ (69,236 ) $ (61,256 ) $ (90,184 ) _________________________________________ (1) Includes share-based compensation expense as follows: Year Ended December 31, 2024 2023 2022 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 14,555 $ 9,784 $ 6,991 Research and development 48,192 32,689 24,664 Sales and marketing 47,603 30,338 22,753 General and administrative 20,756 22,360 14,253 Total share-based compensation expense $ 131,106 $ 95,171 $ 68,661 58 Table of Contents (2) Includes amortization expense of acquired intangible assets as follows: Year Ended December 31, 2024 2023 2022 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 13,762 $ 9,546 $ 9,543 Cost of revenue: license—self-managed 542 799 880 Sales and marketing 3,274 1,431 1,145 Total amortization expense of acquired intangible assets $ 17,578 $ 11,776 $ 11,568 (3) Includes acquisition-related costs as follows: Year Ended December 31, 2024 2023 2022 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 9 $ 20 $ 25 Research and development 3,782 7,301 9,610 Sales and marketing 1,087 125 762 General and administrative 880 161 315 Total acquisition-related costs $ 5,758 $ 7,607 $ 10,712 (4) Includes legal settlement costs as follows: Year Ended December 31, 2024 2023 2022 (in thousands) General and administrative $ — $ — 216 Year Ended December 31, 2024 2023 2022 Revenue: Subscription—self-managed and SaaS 95 % 94 % 93 % License—self-managed 5 6 7 Total subscription revenue 100 100 100 Cost of revenue: Subscription—self-managed and SaaS 23 22 22 License—self-managed — — — Total cost of revenue—subscription 23 22 22 Gross profit 77 78 78 Operating expenses: Research and development 38 39 43 Sales and marketing 44 43 47 General and administrative 16 18 20 Total operating expenses 98 100 110 Operating loss (21 ) (22 ) (32 ) Interest and other income, net 6 6 2 Loss before income taxes (15 ) (16 ) (30 ) Income tax expense 1 2 2 Net loss (16 )% (18 )% (32 )% 59 Table of Contents Comparison of the Years Ended December 31, 2024 and 2023 Revenue Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 406,903 $ 330,193 $ 76,710 23 % License—self-managed 21,585 19,693 1,892 10 Total subscription revenue $ 428,488 $ 349,886 $ 78,602 22 % The increase in total subscription revenue for the year ended December 31, 2024 compared to the year ended December 31, 2023 consisted of approximately $70.3 million growth from existing customers and the remaining attributable to new customers.

Biggest changeResults of Operations The following tables set forth selected consolidated statements of operations data and such data as a percentage of total revenue for each of the periods indicated: Year Ended December 31, 2025 2024 2023 (in thousands) Revenue: Subscription—self-managed and SaaS $ 502,796 $ 406,903 $ 330,193 License—self-managed 29,044 21,585 19,693 Total subscription revenue 531,840 428,488 349,886 Cost of revenue: Subscription—self-managed and SaaS (1)(2)(3) 123,337 97,758 76,244 License—self-managed (2) 116 542 799 Total cost of revenue—subscription 123,453 98,300 77,043 Gross profit 408,387 330,188 272,843 Operating expenses: Research and development (1)(3) 195,089 160,864 134,584 Sales and marketing (1)(2)(3) 223,932 190,401 150,675 General and administrative (1)(3) 81,219 70,021 63,132 Total operating expenses 500,240 421,286 348,391 Operating loss (91,853 ) (91,098 ) (75,548 ) Interest and other income, net 25,816 25,278 21,032 Loss before income taxes (66,037 ) (65,820 ) (54,516 ) Income tax expense 5,782 3,416 6,740 Net loss $ (71,819 ) $ (69,236 ) $ (61,256 ) _________________________________________ (1) Includes share-based compensation expense as follows: Year Ended December 31, 2025 2024 2023 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 16,768 $ 14,555 $ 9,784 Research and development 58,203 48,192 32,689 Sales and marketing 55,749 47,603 30,338 General and administrative 25,937 20,756 22,360 Total share-based compensation expense $ 156,657 $ 131,106 $ 95,171 (2) Includes amortization expense of acquired intangible assets as follows: Year Ended December 31, 2025 2024 2023 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 17,995 $ 13,762 $ 9,546 Cost of revenue: license—self-managed 116 542 799 Sales and marketing 2,807 3,274 1,431 Total amortization expense of acquired intangible assets $ 20,918 $ 17,578 $ 11,776 59 Table of Contents (3) Includes acquisition-related costs as follows: Year Ended December 31, 2025 2024 2023 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ — $ 9 $ 20 Research and development 4,413 3,782 7,301 Sales and marketing 1,857 1,087 125 General and administrative 68 880 161 Total acquisition-related costs $ 6,338 $ 5,758 $ 7,607 Year Ended December 31, 2025 2024 2023 Revenue: Subscription—self-managed and SaaS 95 % 95 % 94 % License—self-managed 5 5 6 Total subscription revenue 100 100 100 Cost of revenue: Subscription—self-managed and SaaS 23 23 22 License—self-managed — — — Total cost of revenue—subscription 23 23 22 Gross profit 77 77 78 Operating expenses: Research and development 37 38 39 Sales and marketing 42 44 43 General and administrative 15 16 18 Total operating expenses 94 98 100 Operating loss (17 ) (21 ) (22 ) Interest and other income, net 5 6 6 Loss before income taxes (12 ) (15 ) (16 ) Income tax expense 2 1 2 Net loss (14 )% (16 )% (18 )% Comparison of the Years Ended December 31, 2025 and 2024 Revenue Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 502,796 $ 406,903 $ 95,893 24 % License—self-managed 29,044 21,585 7,459 35 % Total subscription revenue $ 531,840 $ 428,488 $ 103,352 24 % The increase in total subscription revenue for the year ended December 31, 2025 compared to the year ended December 31, 2024 consisted of approximately $93.9 million growth from existing customers and the remaining attributable to new customers.

Sales and Marketing Sales and marketing expenses primarily consist of personnel-related expenses, share-based compensation expenses, sales commissions primarily associated with our sales and marketing organizations, public cloud infrastructure costs associated with our free trials and open source software options, and costs associated with marketing programs and user events. Marketing programs include advertising, promotional events, and brand-building activities.

Sales and Marketing Sales and marketing expenses primarily consist of personnel-related expenses, share-based compensation expenses, sales commissions, public cloud infrastructure costs associated with our free trials and open source software options, and costs associated with marketing programs and user events. Marketing programs include advertising, promotional events, and brand-building activities.

Our net dollar retention rate may fluctuate as a result of a number of factors, including the level of penetration within our customer base, expansion of products and features, and our ability to retain our customers. As of December 31, 2024 and 2023, our net dollar retention rate was 116% and 119%, respectively.

Our net dollar retention rate may fluctuate as a result of a number of factors, including the level of penetration within our customer base, expansion of products and features, and our ability to retain our customers. As of December 31, 2025 and 2024, our net dollar retention rate was 119% and 116%, respectively.

We offer subscription tiers for self-managed deployments, where our customers deploy and manage our products across their public cloud, on-premise, private cloud, or hybrid environments, as well as JFrog-managed public cloud deployments, which we refer to as our SaaS subscriptions.

We offer subscription tiers for self-managed deployments, where our customers deploy and manage our products across their public cloud, on-premises, private cloud, or hybrid environments, as well as JFrog-managed public cloud deployments, which we refer to as our SaaS subscriptions.

All of the top 10 technology organizations and top 10 financial services organizations, 8 of the top 10 retail organizations, 8 of the top 10 healthcare organizations, and all of the top 5 telecommunications organizations in the Fortune 500 have adopted the JFrog platform, embarking on their journey towards Liquid Software.

All of the top 10 technology organizations and top 10 financial services organizations, 8 of the top 10 retail organizations, 8 of the top 10 healthcare organizations, and all of the top 7 telecommunications organizations in the Fortune 500 have adopted the JFrog Platform, embarking on their journey towards Liquid Software.

While we believe we have a significant market opportunity that our platform addresses, we will need to continue to invest in customer support, research and development, and sales and marketing in order to address this opportunity. Additionally, we believe our products address the software release needs of customers worldwide, and we see international expansion as a major opportunity.

While we believe we have a significant market opportunity that our platform addresses, we will need to continue to invest in customer support, research and development, and sales and marketing in order to address this opportunity. 56 Table of Contents Additionally, we believe our products address the software release needs of customers worldwide, and we see international expansion as a major opportunity.

Factors Affecting Our Performance We believe that our future performance will depend on many factors, including the following: Extending Our Technology Leadership We intend to continue to enhance our hybrid, universal, end-to-end software supply chain platform by developing new products and expanding the functionality of existing products to maintain our technology leadership.

Factors Affecting Our Performance We believe that our future performance will depend on many factors, including, but not limited to, the following: Extending Our Technology Leadership We intend to continue to enhance our hybrid, universal, end-to-end software supply chain platform by developing new products and expanding the functionality of existing products to maintain our technology leadership.

Acquiring New Customers We believe there is a significant opportunity to grow the number of customers that use our platform. As of December 31, 2024, approximately 32% of the Forbes Global 2000 were our customers. Our operating results and growth prospects will depend in part on our ability to attract new customers.

Acquiring New Customers We believe there is a significant opportunity to grow the number of customers that use our platform. As of December 31, 2025, approximately 31% of the Forbes Global 2000 were our customers. Our operating results and growth prospects will depend in part on our ability to attract new customers.

General and Administrative General and administrative expenses primarily consist of personnel-related expenses, share-based compensation expenses, associated primarily with our finance, legal, human resources and other operational and administrative functions, professional 57 Table of Contents fees for external legal, accounting and other consulting services, directors and officer’s insurance expenses, and allocated overhead.

General and Administrative General and administrative expenses primarily consist of personnel-related expenses, share-based compensation expenses, associated primarily with our finance, legal, human resources and other operational and administrative functions, professional fees for external legal, accounting and other consulting services, directors and officer’s insurance expenses, and allocated overhead.

Our business model benefits from our ability to serve the needs of all customers, from individual software developers, security teams, MLOps teams, and IT operators to the largest organizations, in a value-oriented manner. We generate revenue from the sale of subscriptions to customers.

Our business model benefits from our ability to serve the needs of all customers, from individual software developers, security teams, AI/ML teams, and IT operators to the largest organizations, in a value-oriented manner. We generate revenue from the sale of subscriptions to customers.

We then calculate the contracted ARR from these Base Customers in the last month of the same quarter of the subsequent year (the “Comparison Quarter”). This calculation captures 55 Table of Contents upsells, contraction, and attrition since the Base Quarter. We then divide total Comparison Quarter ARR by total Base Quarter ARR for Base Customers.

We then calculate the contracted ARR from these Base Customers in the last month of the same quarter of the subsequent year (the “Comparison Quarter”). This calculation captures upsells, contraction, and attrition since the Base Quarter. We then divide total Comparison Quarter ARR by total Base Quarter ARR for Base Customers.

The following section generally discusses our financial condition and results of operations for the year ended December 31, 2024 compared to the year ended December 31, 2023.

The following section generally discusses our financial condition and results of operations for the year ended December 31, 2025 compared to the year ended December 31, 2024.

A discussion regarding our financial condition and results of operations for the year ended December 31, 2023 compared to the year ended December 31, 2022 can be found in Part II, Item 7 of our 2023 Annual Report on Form 10‐K, filed with the SEC on February 15, 2024.

A discussion regarding our financial condition and results of operations for the year ended December 31, 2024 compared to the year ended December 31, 2023 can be found in Part II, Item 7 of our 2024 Annual Report on Form 10‐K, filed with the SEC on February 14, 2025.

For the year ended December 31, 2024, our 10 largest customers represented approximately 8% of our total revenue and 40% of our revenue was generated from customers outside of the United States. We have designed our subscription structure and go-to-market strategy to align our growth with the success of our customers.

For the year ended December 31, 2025, our 10 largest customers represented approximately 9% of our total revenue and 40% of our revenue was generated from customers outside of the United States. We have designed our subscription structure and go-to-market strategy to align our growth with the success of our customers.

Revenue from Enterprise Plus subscription represented approximately 51% of our total revenue for the year ended December 31, 2024, compared to approximately 46% for the year ended December 31, 2023. The growth in revenue from our Enterprise Plus subscription demonstrates the increased demand for our end-to-end solutions for customers’ entire software supply chain management.

Revenue from Enterprise Plus subscription represented approximately 56% of our total revenue for the year ended December 31, 2025, compared to approximately 51% for the year ended December 31, 2024. The growth in revenue from our Enterprise Plus subscription demonstrates the increased demand for our end-to-end solutions for customers’ entire software supply chain management.

We have an unwavering commitment to the software developer, security teams, MLOps teams, and IT operator communities, and show this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

We have an unwavering commitment to the software developer, security teams, AI/ML engineers, and IT operator communities, and show this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

For subscriptions to our self-managed software products, revenue is recognized ratably over the subscription term. For our SaaS subscriptions, revenue is recognized ratably over each commitment period within the subscription term, based on minimum usage commitments and any excess usage in the corresponding commitment period.

For subscriptions to our self-managed software products, revenue is recognized 57 Table of Contents ratably over the subscription term. For our SaaS subscriptions, revenue is recognized ratably over each commitment period within the subscription term, based on minimum usage commitments and any excess usage in the corresponding commitment period.

Revenue from SaaS subscriptions contributed 39% of our total revenue for the year ended December 31, 2024, compared to 34% for the year ended December 31, 2023. Our self-managed subscriptions are offered on an annual and multi-year basis, and our SaaS subscriptions are offered on a monthly, annual, and multi-year basis.

Revenue from SaaS subscriptions contributed 46% of our total revenue for the year ended December 31, 2025, compared to 39% for the year ended December 31, 2024. Our self-managed subscriptions are offered on an annual and multi-year basis, and our SaaS subscriptions are offered on a monthly, annual, and multi-year basis.

In the event that we change our determination, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.

In the event that we change our determination, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made. 64 Table of Contents

Financing Activities Net cash provided by financing activities of $21.2 million for the year ended December 31, 2024 consisted primarily of proceeds from exercise of share options of $10.4 million and proceeds from employee share purchases under our ESPP of $8.7 million.

Net cash provided by financing activities of $21.2 million for the year ended December 31, 2024 consisted primarily of proceeds from exercise of share options of $10.4 million and proceeds from our employee share purchase plan of $8.7 million.

As of December 31, 2024, our principal sources of liquidity were cash, cash equivalents, and short-term investments of $522.0 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt.

As of December 31, 2025, our principal sources of liquidity were cash, cash equivalents, and short-term investments of $704.4 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt.

Income tax expense decreased for the year ended December 31, 2024 compared to the year ended December 31, 2023 primarily due to higher excess tax benefits from share-based compensation awards and a discrete tax benefit in Israel attributable to the release of valuation allowance as a result of recognizing deferred tax liabilities associated with the Qwak acquisition.

Income tax expense increased for the year ended December 31, 2025 compared to the year ended December 31, 2024 primarily due to the absence of a discrete tax benefit in Israel in 2024 attributable to the release of valuation allowance as a result of recognizing deferred tax liabilities associated with the Qwak acquisition, partially offset by higher excess tax benefits from share-based compensation awards.

The following table summarizes our cash flows for the periods presented and provides a reconciliation of net cash from operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow, a non-GAAP financial measure, for each of the periods presented: Year Ended December 31, 2024 2023 2022 (in thousands) Net cash provided by operating activities $ 110,924 $ 74,155 $ 21,425 Less: purchases of property and equipment (3,143 ) (1,982 ) (4,328 ) Free cash flow $ 107,781 $ 72,173 $ 17,097 Net cash used in investing activities $ (165,356 ) $ (53,476 ) $ (53,338 ) Net cash provided by financing activities $ 21,231 $ 18,371 $ 11,027 56 Table of Contents Components of Results of Operations Revenue Our revenues are comprised of revenue from self-managed subscriptions and SaaS subscriptions.

The following table summarizes our cash flows for the periods presented and provides a reconciliation of net cash from operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow, a non-GAAP financial measure, for each of the periods presented: Year Ended December 31, 2025 2024 2023 (in thousands) Net cash provided by operating activities $ 145,729 $ 110,924 $ 74,155 Less: purchases of property and equipment (3,460 ) (3,143 ) (1,982 ) Free cash flow $ 142,269 $ 107,781 $ 72,173 Net cash used in investing activities $ (152,268 ) $ (165,356 ) $ (53,476 ) Net cash provided by financing activities $ 31,210 $ 21,231 $ 18,371 Components of Results of Operations Revenue Our revenues are comprised of revenue from self-managed subscriptions and SaaS subscriptions.

As of December 31, 2024, 1,018 of our customers had ARR of $100,000 or more, increasing from 886 customers as of December 31, 2023. We had 52 customers with ARR of at least $1.0 million as of December 31, 2024, increasing from 37 customers as of December 31, 2023.

As of December 31, 2025, 1,168 of our customers had ARR of $100,000 or more, increasing from 1,018 customers as of December 31, 2024. We had 74 customers with ARR of at least $1.0 million as of December 31, 2025, increasing from 52 customers as of December 31, 2024.

We continued to invest in our business and had net loss of $69.2 million and $61.3 million for the years ended December 31, 2024 and 2023, respectively.

We continued to invest in our business and had net loss of $71.8 million and $69.2 million for the years ended December 31, 2025 and 2024, respectively.

We may recognize tax benefits from the release of valuation allowance in connection with acquisitions that create deferred tax liabilities. Our effective tax rate is affected by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, non-deductible expenses, excess tax benefits from share-based compensation awards, and changes in our valuation allowance.

Our effective tax rate is affected by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, non-deductible expenses, excess tax benefits from share-based compensation awards, and changes in our valuation allowance.

This free access takes the form of free trials and open source software, and helps generate demand for our paid offerings within the software developer, security and IT operator communities. 54 Table of Contents We generated revenue of $428.5 million and $349.9 million for the years ended December 31, 2024 and 2023, respectively, representing year-over-year growth rate of 22%.

This free access takes the form of free trials and open source software, and helps generate demand for our paid offerings within the software developer, security professionals, AI/ML engineers, and IT operator communities. 55 Table of Contents We generated revenue of $531.8 million and $428.5 million for the years ended December 31, 2025 and 2024, respectively, representing year-over-year growth rate of 24%.

Income Tax Expense Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Income tax expense $ 3,416 $ 6,740 $ (3,324 ) (49 )% Effective income tax rate (5 )% (12 )% Our effective tax rate is affected primarily by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, non-deductible expenses, excess tax benefits from share-based compensation awards, and changes in our 61 Table of Contents valuation allowance.

Income Tax Expense Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Income tax expense $ 5,782 $ 3,416 $ 2,366 69 % Effective income tax rate (9 )% (5 )% Our effective tax rate is affected primarily by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, non-deductible expenses, excess tax benefits from share-based compensation awards, and changes in our valuation allowance.

The following table summarizes our cash flows for the periods presented: Year Ended December 31, 2024 2023 (in thousands) Net cash provided by operating activities $ 110,924 $ 74,155 Net cash used in investing activities $ (165,356 ) $ (53,476 ) Net cash provided by financing activities $ 21,231 $ 18,371 Operating Activities Net cash provided by operating activities of $110.9 million for the year ended December 31, 2024 was primarily related to our net loss of $69.2 million, adjusted for non-cash charges of $155.0 million, including share-based compensation expense of $131.1 million and depreciation and amortization of $21.5 million, and changes in our operating assets and liabilities of $25.1 million.

Net cash provided by operating activities of $110.9 million for the year ended December 31, 2024 was primarily related to our net loss of $69.2 million, adjusted for non-cash charges of $155.0 million, including share-based compensation expense of $131.1 million and depreciation and amortization of $21.5 million, and changes in our operating assets and liabilities of $25.1 million.

General and Administrative Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) General and administrative $ 70,021 $ 63,132 $ 6,889 11 % General and administrative expense increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

General and Administrative Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) General and administrative $ 81,219 $ 70,021 $ 11,198 16 % General and administrative expense increased for the year ended December 31, 2025 compared to the year ended December 31, 2024.

We may also use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately.

We may also use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately. The standalone selling price is reassessed periodically or when facts and circumstances change.

The increase was primarily attributable to an increase of $17.3 million in share-based compensation expense, an increase of $13.6 60 Table of Contents million in personnel-related expenses mainly as a result of increased headcount, an increase of $2.7 million in allocated overhead costs, and an increase of $2.6 million in commissions.

The increase was primarily attributable to an increase of $11.9 million in personnel-related expenses mainly as a result of increased headcount, an increase of $8.1 million in share-based compensation expense, an increase of $7.3 million in commission expense, and an increase of $5.1 million in allocated overhead costs.

The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales. 62 Table of Contents Investing Activities Net cash used in investing activities of $165.4 million for the year ended December 31, 2024 consisted primarily of payments for the Qwak acquisition of $156.7 million, net of cash acquired, and net purchases of short-term investments of $5.5 million.

Net cash used in investing activities of $165.4 million for the year ended December 31, 2024 consisted primarily of payments for the Qwak acquisition of $156.7 million, net of cash acquired, and net purchases of short-term investments of $5.5 million.

The increase was primarily attributable to an increase of $9.9 million in third-party hosting costs primarily driven by increased revenue from SaaS subscriptions, an increase of $4.8 million in personnel-related expenses mainly as a result of increased headcount, an increase of $4.8 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below, and an increase of $4.0 million in intangible amortization mainly as a result of our acquisition of Qwak AI Ltd.

The increase was primarily attributable to an increase of $10.6 million in third-party hosting costs primarily driven by increased 60 Table of Contents revenue from SaaS subscriptions, an increase of $5.9 million in personnel-related expenses mainly as a result of increased headcount, an increase of $3.8 million in intangible amortization as a result of our acquisition of Qwak AI Ltd.

Critical Accounting Estimates Our consolidated financial statements are prepared in accordance with GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis.

The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances.

Operating Expenses Research and Development Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Research and development $ 160,864 $ 134,584 $ 26,280 20 % Research and development expense increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

Operating Expenses Research and Development Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Research and development $ 195,089 $ 160,864 $ 34,225 21 % Research and development expense increased for the year ended December 31, 2025 compared to the year ended December 31, 2024.

The standalone selling price is reassessed periodically or when facts and circumstances change. 63 Table of Contents Business Combinations Accounting for business combinations requires us to make significant estimates and assumptions in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets .

Business Combinations Accounting for business combinations requires us to make significant estimates and assumptions in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets .

The increase was primarily attributable to an increase of $5.1 million in personnel-related expenses mainly as a result of increased headcount and an increase of $2.7 million in professional fees mainly related to legal and recruiting services.

The increase was primarily attributable to an increase of $5.2 million in share-based compensation expense and an increase of $5.0 million in personnel-related expenses mainly as a result of increased headcount.

Sales and Marketing Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Sales and marketing $ 190,401 $ 150,675 $ 39,726 26 % Sales and marketing expense increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

Sales and Marketing Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Sales and marketing $ 223,932 $ 190,401 $ 33,531 18 % Sales and marketing expense increased for the year ended December 31, 2025 compared to the year ended December 31, 2024.

Net cash used in investing activities of $53.5 million for the year ended December 31, 2023 consisted primarily of net purchase of short-term investments of $51.5 million.

Investing Activities Net cash used in investing activities of $152.3 million for the year ended December 31, 2025 consisted primarily of net purchases of short-term investments of $148.8 million.

Cost of Revenue and Gross Margin Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 97,758 $ 76,244 $ 21,514 28 % License—self-managed 542 799 (257 ) (32 ) Total cost of revenue—subscription $ 98,300 $ 77,043 $ 21,257 28 % Gross margin 77 % 78 % Total cost of revenue increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

Cost of Revenue and Gross Margin Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 123,337 $ 97,758 $ 25,579 26 % License—self-managed 116 542 (426 ) (79 )% Total cost of revenue—subscription $ 123,453 $ 98,300 $ 25,153 26 % Gross margin 77 % 77 % Total cost of revenue increased for the year ended December 31, 2025 compared to the year ended December 31, 2024.

Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. As events continue to evolve and additional information becomes available, our estimates and assumptions may change materially in future periods.

As events continue to evolve and additional information becomes available, our estimates and assumptions may change materially in future periods.

Share-based Compensation Expense Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Cost of revenue: subscription–self-managed and SaaS $ 14,555 $ 9,784 $ 4,771 49 % Research and development 48,192 32,689 15,503 47 Sales and marketing 47,603 30,338 17,265 57 General and administrative 20,756 22,360 (1,604 ) (7 ) Total share-based compensation expense $ 131,106 $ 95,171 $ 35,935 38 % The increase in share-based compensation expenses for the year ended December 31, 2024 compared to the year ended December 31, 2023 was primarily attributable to grants to new and existing employees.

Share-based Compensation Expense Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Cost of revenue: subscription–self-managed and SaaS $ 16,768 $ 14,555 $ 2,213 15 % Research and development 58,203 48,192 10,011 21 % Sales and marketing 55,749 47,603 8,146 17 % General and administrative 25,937 20,756 5,181 25 % Total share-based compensation expense $ 156,657 $ 131,106 $ 25,551 19 % The increase in share-based compensation expenses for the year ended December 31, 2025 compared to the year ended December 31, 2024 was primarily attributable to grants to new and existing employees.

The changes in operating assets and liabilities were primarily related to an increase of $38.4 million in deferred revenue and an increase of $10.7 million in accrued expense and other liabilities mainly due to higher accrued compensation and benefits, partially offset by an increase of $14.1 million in accounts receivable, an increase of $7.8 million in net deferred contract acquisition costs, and a decrease of $7.7 million in operating lease liabilities primarily as a result of payments.

These inflows were partially offset by an increase of $29.3 million in accounts receivable, an increase of $15.1 million in net deferred contract acquisition costs, and a decrease of $8.8 million in operating lease liabilities as a result of payments. The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales.

Purchase obligations represent our commitments primarily for hosting services, software products and services under contracts with remaining terms of 12 months or longer. Obligations under contracts that we can cancel without a significant penalty are not included in the table above. We believe we will have sufficient liquidity from our operations to fulfill the commitments.

Obligations under contracts that we can cancel without a significant penalty are not included in the table above. We believe we will have sufficient liquidity from our operations to fulfill the commitments. 63 Table of Contents Critical Accounting Estimates Our consolidated financial statements are prepared in accordance with GAAP.

The increase was primarily attributable to an increase of $15.5 million in share-based compensation expense, an increase of $9.0 million in personnel-related expenses mainly as a result of increased headcount, and an increase of $3.0 million in costs of development environments and tools, partially offset by a decrease of $3.6 million in compensation expense associated with holdback and retention arrangements from our acquisitions.

The increase was primarily attributable to an increase of $20.7 million in personnel-related expenses mainly as a result of increased headcount and an increase of $10.0 million in share-based compensation expense.

Net cash provided by financing activities of $18.4 million for the year ended December 31, 2023 consisted primarily of proceeds from exercise of share options of $10.0 million and proceeds from employee share purchases under our ESPP of $6.7 million.

Financing Activities Net cash provided by financing activities of $31.2 million for the year ended December 31, 2025 consisted of proceeds from exercise of share options of $12.1 million, proceeds from our employee share purchase plan of $11.9 million, and net proceeds from employee equity transactions to be remitted to tax authorities or employees of $7.2 million.

Net cash provided by operating activities of $74.2 million for the year ended December 31, 2023 was primarily related to our net loss of $61.3 million, adjusted for non-cash charges of $112.1 million, including share-based compensation expense of $95.2 million and depreciation and amortization of $15.3 million, and changes in our operating assets and liabilities of $23.3 million.

The following table summarizes our cash flows for the periods presented: Year Ended December 31, 2025 2024 (in thousands) Net cash provided by operating activities $ 145,729 $ 110,924 Net cash used in investing activities $ (152,268 ) $ (165,356 ) Net cash provided by financing activities $ 31,210 $ 21,231 62 Table of Contents Operating Activities Net cash provided by operating activities of $145.7 million for the year ended December 31, 2025 was primarily related to our net loss of $71.8 million, adjusted for non-cash charges of $184.1 million, including share-based compensation expense of $156.7 million and depreciation and amortization of $24.5 million, and changes in our operating assets and liabilities of $33.5 million.

Removed

Overview JFrog provides a hybrid, universal, end-to-end software supply chain platform for delivering trusted, secure software updates from code to production.

Added

Overview JFrog provides a foundational platform for managing and securing the software supply chain. The JFrog Platform enables organizations to unify software development, security, governance, and distribution across hybrid teams, including developers, security professionals, Artificial Intelligence/Machine Learning (“AI/ML”) engineers and Artificial Intelligence agents.

Removed

Our goal is to function as the single source of truth for an organization’s software footprint, bridging digital gaps between developers, security teams, machine learning engineers, data scientists, and other business units to empower a world of always-on, always-current software which we refer to as “Liquid Software.” As of December 31, 2024, we had a global customer base of approximately 7,300 organizations across all industries and sizes, including approximately 82% of Fortune 100 organizations.

Added

It supports the consumption, creation, and continuous delivery of software from any user to any destination which we refer to as “Liquid Software.” During 2025, we revised our customer logo methodology to eliminate friction for our customers and sales teams to better align with global go-to-market practices, which resulted in the consolidation of certain organizations with multiple subsidiaries into a single entity.

Removed

Middle East Conflict On October 7, 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and conducted a series of terror attacks on civilian and military targets. Following the attack, Israel’s security cabinet declared war against Hamas and commenced a military campaign against these terrorist organizations.

Added

As of December 31, 2025, we had a global customer base of approximately 6,600 organizations across all industries and sizes, including approximately 83% of Fortune 100 organizations.

Removed

Since the commencement of these events, there have been additional active hostilities, including with Hezbollah in Lebanon, Iran, and most recently, the Houthi movement which controls parts of Yemen.

Added

We may recognize tax benefits from the release of valuation allowance in 58 Table of Contents connection with acquisitions that create deferred tax liabilities.

Removed

The conflict has recently expanded into Lebanon and though ceasefires have been reached with Hamas in Gaza and Hezbollah in Lebanon, it is possible that hostilities will resume without warning and escalate into a greater regional conflict, and that additional terrorist organizations and countries could actively join the hostilities.

Added

(“Qwak”) in July 2024, and an increase of $2.2 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below. Gross margin remained consistent for the year ended December 31, 2025 compared to the year ended December 31, 2024.

Removed

Although we are domiciled in Israel, we are a global, cloud-based company, with operations spanning numerous countries with redundant infrastructure and code located outside of Israel.

Added

The increase also includes $5.4 million, mostly in research and development, related to ordinary share holdbacks and replacement equity awards from the Qwak acquisition. 61 Table of Contents Interest and Other Income, Net Year Ended December 31, 2025 2024 $ Change % Change (in thousands, except percentages) Interest and other income, net $ 25,816 $ 25,278 $ 538 2 % Interest and other income, net remained consistent for the year ended December 31, 2025 compared to the year ended December 31, 2024.

Removed

We have activated and maintained a comprehensive three-pillar business continuity plan and have taken the necessary steps which we believe are in line with such plan, in an effort to ensure that our operations and service to our customers remain consistent.

Added

Changes in operating assets and liabilities were primarily related to an increase of $67.8 million in deferred revenue and an increase of $20.8 million in accrued expense and other liabilities mainly due to higher accrued compensation and benefits.

Removed

The first pillar is our internal plan focused on the safety of our employees in Israel and maintaining internal communication channels. The second pillar revolves around technology to support continuity of our services, security, cyber defense, and research and development. The third pillar is dedicated to our external-facing activities to promote continuity of customer engagements, support and external communication.

Added

Contractual Obligations The following table summarizes our non-cancellable contractual obligations as of December 31, 2025: Payments Due by Period Total Short-term Long-term (in thousands) Operating lease obligations $ 13,588 $ 6,234 $ 7,354 Purchase obligations 310,460 64,547 245,913 Total $ 324,048 $ 70,781 $ 253,267 As of December 31, 2025, we had an additional commitment of $114.0 million for an operating lease related to a facility that had not yet commenced.

Removed

While certain of our employees and consultants have been called into military service, there has been no major interruption or material adverse impact on our operating results as of the date of this Annual Report on Form 10-K. We will continue to monitor the situation as it progresses.

Added

The lease will commence in 2026 with a lease term of 10 years. The contractual commitment amounts in the table above are associated with agreements that are enforceable and legally binding. Purchase obligations represent our commitments primarily for hosting services, software products and services under contracts with remaining terms of 12 months or longer.

Removed

(“Qwak”) in July 2024, partially offset by a decrease of $2.5 million in costs associated with software and subscription costs. Gross margin slightly decreased for the year ended December 31, 2024 compared to the year ended December 31, 2023, reflecting a shift in our revenue mix, as SaaS subscriptions, which incur higher hosting costs, contributed to a lower overall margin.

Removed

Additionally, in 2024, we recognized $5.2 million share-based compensation expense primarily in research and development, related to Qwak acquisition holdback ordinary shares and replacement RSUs.

Removed

Interest and Other Income, Net Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Interest and other income, net $ 25,278 $ 21,032 $ 4,246 20 % Interest and other income, net increased for the year ended December 31, 2024 compared to the year ended December 31, 2023, primarily due to higher interest income as a result of higher interest rates on our deposits and marketable securities.

Removed

Contractual Obligations The following table summarizes our non-cancellable contractual obligations as of December 31, 2024: Payments Due by Period Total Short-term Long-term (in thousands) Operating lease obligations $ 14,552 $ 8,138 $ 6,414 Purchase obligations 49,058 16,407 32,651 Total $ 63,610 $ 24,545 $ 39,065 The contractual commitment amounts in the table above are associated with agreements that are enforceable and legally binding.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

9 edited+0 added−2 removed5 unchanged

2024 filing

2025 filing

Biggest changeA 10% adverse change in current exchange rates would not have materially affected our cash, cash equivalents, restricted cash, and short-term investment balances as of December 31, 2024. Interest Rate Risk As of December 31, 2024, we had cash and cash equivalents of $49.9 million, and short-term investments of $472.1 million.

Biggest changeAs of December 31, 2025, our cash, cash equivalents, restricted cash, and short-term investments were primarily denominated in U.S. dollars. A 10% adverse change in current exchange rates would not have materially affected our cash, cash equivalents, restricted cash, and short-term investment balances as of December 31, 2025.

Changes in interest rates affect the interest earned on our cash and cash equivalents and marketable securities, and the market value of those securities. A hypothetical 1% increase in interest rates would not have had a material impact on their fair value as of December 31, 2024.

The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash. We do not enter into investments for trading or speculative purposes. Such interest-earning instruments carry a degree of interest rate risk.

Our cash, cash equivalents, and short-term investments are held for working capital purposes. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash. We do not enter into investments for trading or speculative purposes. Such interest-earning instruments carry a degree of interest rate risk.

The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business, after considering our hedging programs, would not have had a material impact on our results of operations for the years ended December 31, 2024, 2023, and 2022, respectively.

Our hedging program reduces but does not eliminate the impact of currency exchange rate movements. The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business, after considering our hedging programs, would not have had a material impact on our results of operations for the years ended December 31, 2025, 2024, and 2023, respectively.

We seek to mitigate such risk by limiting our counterparties to major financial institutions, spreading the risk across a number of major financial institutions, and closely monitoring rating downgrades. However, failure of one or more of these financial institutions is possible and could result in incurred losses.

We anticipate that a material portion of our expenses will continue to be denominated in NIS. To reduce the impact of foreign exchange risks associated with forecasted future cash flows and certain existing assets and liabilities and the volatility in our Consolidated Statements of Operations, we have established a hedging program.

To reduce the impact of foreign exchange risks associated with forecasted future cash flows and certain existing assets and liabilities and the volatility in our Consolidated Statements of Operations, we have established a hedging program. Foreign currency contracts are generally utilized in this hedging program. Our foreign currency contracts are generally short-term in duration.

Foreign currency contracts are generally utilized in this hedging program. Our foreign currency contracts are generally short-term in duration. We do not enter into derivative instruments for trading or speculative purposes. We account for our derivative instruments as either assets or liabilities and carry them at fair value in the Consolidated Balance Sheets.

We do not enter into derivative instruments for trading or speculative purposes. We account for our derivative instruments as either assets or liabilities and carry them at fair value in the Consolidated Balance Sheets. The accounting for changes in the fair value of the derivative depends on the intended use of the derivative and the resulting designation.

Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt. Our cash, cash equivalents, and short-term investments are held for working capital purposes.

Interest Rate Risk As of December 31, 2025, we had cash and cash equivalents of $75.8 million, and short-term investments of $628.6 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt.

This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Since the beginning of the war between Israel, Hamas and Hezbollah, the volatility of NIS against the U.S. dollar has not materially affected the results of our business.

This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Further, we anticipate that a material portion of our expenses will continue to be denominated in NIS.

Removed

The accounting for changes in the fair value of the derivative depends on the intended use of the derivative and the resulting designation. Our hedging program reduces but does not eliminate the impact of currency exchange rate movements.

Removed

However, failure of one or more of these financial institutions is possible and could result in incurred losses. 64 Table of Contents As of December 31, 2024, our cash, cash equivalents, restricted cash, and short-term investments were primarily denominated in U.S. dollars.

Top changes in JFrog Ltd's 2025 10-K

Item 1. Business

Item 1A. Risk Factors

Item 2. Properties

Item 3. Legal Proceedings

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other FROG 10-K year-over-year comparisons