What changed in JFrog Ltd's 2024 10-K compared to 2023?

Across the narrative sections we track, JFrog Ltd (FROG) added 504 paragraphs, removed 547, and edited 412 between the 2023 and 2024 10-K filings. The biggest movers are Item 1A. Risk Factors (+281/−318), Item 1. Business (+128/−144), Item 7. Management's Discussion & Analysis (+78/−71).

Did JFrog Ltd add new Risk Factors in the 2024 10-K?

Yes — Item 1A Risk Factors shows 281 new/edited paragraphs and 318 removed paragraphs versus the 2023 10-K.

What changed in JFrog Ltd's MD&A (Item 7) in 2024?

Item 7 Management's Discussion & Analysis shows 78 new/edited paragraphs and 71 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did JFrog Ltd's Legal Proceedings (Item 3) change in 2024?

Item 3 shows 1 added/edited paragraphs and 1 removed paragraphs — usually indicating new litigation disclosed or settled cases removed.

Where does this FROG 10-K diff come from?

The source filings are JFrog Ltd's official 2023 and 2024 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in JFrog Ltd's 10-K — 2023 vs 2024

Paragraph-level year-over-year comparison of JFrog Ltd's 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+504 added−547 removedSource: 10-K (2025-02-14) vs 10-K (2024-02-15)

Top changes in JFrog Ltd's 2024 10-K

504 paragraphs added · 547 removed · 412 edited across 7 sections

Item 1A. Risk Factors+281 / −318 · 232 edited
Item 1. Business+128 / −144 · 103 edited
Item 7. Management's Discussion & Analysis+78 / −71 · 63 edited
Item 7A. Quantitative and Qualitative Disclosures About Market Risk+10 / −8 · 8 edited
Item 5. Market for Registrant's Common Equity+4 / −4 · 4 edited

Item 1. Business

Business — how the company describes what it does

103 edited+25 added−41 removed42 unchanged

2023 filing

2024 filing

Biggest changeJFrog Enterprise Plus customers are also able to purchase the full suite of JFrog security products. • Additional, optional subscriptions. o JFrog Advanced Security , with functionality for Infrastructure as Code scanning, container scanning, contextual analysis and more, is available as an optional, add-on subscription for Enterprise X and Enterprise Plus subscribers, as well as through private offers in the cloud marketplaces. o JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories. o JFrog Connect functionality for IoT devices is available for separate purchase while in early production phases.

Biggest changeJFrog Enterprise Plus customers are also able to purchase the full suite of JFrog security and/or IoT products and are granted access to JFrog and GitHub integrations, including GitHub Copilot and GitHub Advanced Security integrations designed for a single platform experience for developers. • JFrog ML, with features to help data science and machine learning engineering teams build, test and deploy machine learning models into the software development pipeline, is available to Enterprise X and Enterprise Plus customers. • Additional, optional subscriptions. o JFrog Advanced Security, with functionality for SAST, IaC scanning, container scanning, contextual analysis and more, is available as an optional, add-on subscription for Enterprise X and Enterprise Plus subscribers, as well as through private offers in the cloud marketplaces. o JFrog Runtime Security, with functionality that provides in-depth security monitoring and analysis of production environments, is available as an optional, add-on subscription for customers already utilizing JFrog Advanced Security and Curation. o JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories. o JFrog Connect functionality for IoT devices is available for separate purchase as a means to control updates and deployments to device fleets.

Our platform supports a wide variety of enterprise-scale storage capabilities and also accommodates spikes in usage without compromised performance. The JFrog Platform supports High Availability cluster configuration, in which redundant components are created to maximize network uptime, and can therefore seamlessly serve nearly any number of concurrent users, build servers, and interactions. • Trusted and secure.

Our platform supports a wide variety of enterprise-scale storage and retention capabilities and also accommodates spikes in usage without compromised performance. The JFrog Platform supports High Availability cluster configuration, in which redundant components are created to maximize network uptime and can therefore seamlessly serve nearly any number of concurrent users, build servers, and interactions. • Trusted and secure.

In addition to competitive base salaries and other cash compensation, we offer equity incentive plans that align the interest of our employees with our shareholders by motivating individuals to perform to the best of their abilities and achieve our business objectives, driving the success of our company and increasing shareholder value.

In addition to competitive base salaries and other cash compensation, we offer equity incentive plans that align the interest of our employees with our shareholders by motivating individuals to perform to the best of their abilities and achieve our business objectives, thereby driving the success of our company and increasing shareholder value.

Many companies address only certain parts of the DevOps cycle and may compete with a limited set of JFrog offerings, including Microsoft’s GitHub, GitLab, Inc., Cloudsmith and Sonatype. • Cloud providers.

Many companies address only certain parts of the DevOps cycle and may compete with a limited set of JFrog offerings, including Microsoft’s GitHub, GitLab, Cloudsmith, and Sonatype. • Cloud providers.

We are agnostic to the types of technologies a software developer or IT operator may choose to use, which is a philosophy that we believe provides us with a competitive advantage. Our platform is designed to quickly and seamlessly add support for new package technologies as they arise. o Align pricing with value provided.

We are agnostic to the types of technologies a software developer or IT operator may choose to use, which we believe provides us with a competitive advantage. Our platform is designed to quickly and seamlessly add support for new package technologies as they arise. o Align pricing with value provided.

We will continue to invest in building new capabilities and extending our platform to bring the power of software supply chain management to a broader range of use cases, including maturation of security solutions for DevSecOps, expansion of AI-enabling technologies including MLOps, and continuing to enable DevOps solutions for devices on the edge.

We expect to continue to invest in building new capabilities and extending our platform to bring the power of software supply chain management to a broader range of use cases, including maturation of security solutions for DevSecOps, expansion of AI-enabling technologies including MLOps, and continuing to enable DevOps solutions for devices on the edge.

JFrog Xray also provides unique security information to customers that is derived from a dedicated security research team that uncovers vulnerabilities in public and private repositories. • JFrog Advanced Security . JFrog Advanced Security is an optional add-on for select JFrog subscriptions as an advanced, binary-focused security solution integrated into the JFrog Platform.

JFrog Xray also provides unique security information to customers that is derived from a dedicated security research team that uncovers vulnerabilities in public and private repositories. • JFrog Advanced Security. JFrog Advanced Security is an optional add-on for select JFrog subscriptions as an advanced security solution integrated into the JFrog Platform.

Our platform embeds security into the DevOps workflow, creating a seamless DevSecOps flow that allows organizations to have speed and control in the software release cycle. All software packages on our platform are fully traceable, ensuring the accuracy and reliability of software applications.

Our platform embeds security into the DevOps and MLOps workflow, creating a seamless DevSecOps and MLSecOps flow that allows organizations to have speed and control in the software release cycle. All software packages on our platform are fully traceable, ensuring the accuracy and reliability of software applications.

Tracking and managing software at the package level enables organizations to make incremental updates to software, and deliver trusted software bill of materials (SBOMs) alongside their software releases. Package management allows software releases to be continuous, and capable of handling the volume, variety, security and velocity of trusted software required today.

Tracking and managing software at the package level enables organizations to make incremental updates to software and deliver trusted software bill of materials alongside their software releases. Universal package management allows software releases to be continuous, and capable of handling the volume, variety, security, and velocity of trusted software required today.

Additionally, we engage with prospective end-users through user-centered events, including JFrog swampUP, our annual, global DevOps and user conference, hands-on training events, persona-driven events, and co-marketing activities with technology partners and large cloud platforms.

Additionally, we engage with prospective end-users through user-centered events, including JFrog swampUP, our annual, global DevOps, DevSecOps, and MLOps user conference, hands-on training events, persona-driven events, and co-marketing activities with technology partners and large cloud platforms.

JFrog Pro X is a self-hosted-only subscription that provides the same features as JFrog Pro with the addition of JFrog Xray basic scanning functionality and license compliance, along with service-level agreement (“SLA”) support. • JFrog Enterprise X .

JFrog Pro X is a self-managed-only subscription that provides the same features as JFrog Pro with the addition of JFrog Xray basic scanning functionality and license compliance, along with service-level agreement (“SLA”) support. • JFrog Enterprise X.

Once a user has decided to use our products 13 Table of Contents beyond what is available in open source or at the end of a free trial, they can upgrade to one of our paid subscriptions, which are priced based on number of servers or consumption to align the value we deliver with our customers’ needs as they scale.

Once a user has decided to use our products beyond what is available in open source or at the end of a free trial, they can upgrade to one of our paid subscriptions, which are priced based on number of servers or consumption to align the value we deliver with our customers’ needs as they scale.

Our platform is designed to quickly and seamlessly add support for new package technologies as they arise, ensuring a comprehensive view of an organization’s software supply chain. • Curated public repositories . JFrog Artifactory automatically queries third-party repositories and allows organizations to exert choice and governance in the software packages they cache.

Our platform is designed to quickly and seamlessly add support for new package technologies as they arise, ensuring a comprehensive view of an organization’s software supply chain. 11 Table of Contents • Curated public repositories. JFrog Artifactory automatically queries third-party repositories and allows organizations to exert choice and governance in the software packages they cache.

Our customer success teams are focused on enabling organizations to realize the full benefits of our platform by helping them advance DevSecOps practices and promoting the adoption of additional products and more advanced functionality of our platform.

Our customer success teams are focused on enabling organizations to realize the full benefits of our platform by helping them advance DevOps, DevSecOps, and MLOps practices and promoting the adoption of additional products and more advanced functionality of our platform.

We provide a central, unified platform for our customers’ software release needs with our universal package management solution, JFrog Artifactory, at its core and a portfolio of adjacent products including build integration, workflow automation, security, and deployment. We designed our products to integrate with each other natively, with a unified user interface.

We provide a central, unified platform for our customers’ software release needs with our universal package management solution, JFrog Artifactory, at its core and a portfolio of adjacent solutions including build integration, workflow automation, software supply chain security, and deployment. We designed our products to integrate with each other natively, with a unified user interface.

Through our JFrog Artifactory package management solution, software developers, security teams, and IT operators are able to automatically fetch software packages from public and private repositories, ensure that packages are consistent across their organizations’ instances of JFrog Artifactory, scan for vulnerabilities and contextual errors with our security solutions, and manage dependencies among packages.

Through our JFrog Artifactory package management solution, software developers, security teams, machine learning engineers, and IT operators are able to automatically fetch software packages from public and private repositories, ensure that packages are consistent across their organizations’ instances of JFrog Artifactory, scan for vulnerabilities and contextual errors with our security solutions, and manage dependencies among packages.

Our free trial subscription options and open source version of JFrog Artifactory increase software developer, security and IT operator familiarity with our products, and allow for low-friction product adoption. MLOps functionality may expose JFrog solutions to new audiences such as AI/ML Engineers and Data Scientists.

Our extensive integrations with technologies across the software development ecosystem power significant extensibility of our platform and offer our customers the ability to use external software development technologies of their choice on our platform, driving increased customer affinity and product stickiness. Multi-Tiered Subscription Offerings We offer our products to customers through a multi-tiered subscription structure.

Our extensive integrations with technologies across the software development and AI ecosystems power significant extensibility of our platform and offer our customers the ability to use external software development technologies of their choice on our platform, driving increased customer affinity and product stickiness. Multi-Tiered Subscription Offerings We offer our products to customers through a multi-tiered subscription structure.

Our enterprise-level and field marketing functions support our strategic sales team, providing an account-based approach to drive expansion of JFrog solutions amongst our largest customers and prospects.

Our enterprise-level and geography-focused field marketing functions support our strategic sales team, providing an account-based approach to drive expansion of JFrog solutions amongst our largest customers and prospects.

Our unique model offers the same product in the cloud and on-premise, so users can work in any environment with an identical user experience. • Scalable across the organization. Our proprietary technology for package management allows our platform to seamlessly scale across even the largest of customers and deployments.

Our unique model offers the same product in the cloud and on-premise, so users can work in any environment with an identical user experience. • Scalable across the organization. Proprietary technology allows our platform to seamlessly scale across even the largest of customers and deployments.

Research and development employees are located primarily in our Israel and India offices. Our research and development team consists of our architects, software engineers, security experts, DevOps engineers, product management, quali ty assurance, and data collection teams. We intend to continue to invest in our research and development capabilities to extend our platform and products.

Research and development employees are located primarily in our Israel and India offices. Our research and development team consists of our architects, software engineers, security experts, DevOps engineers, AI and machine learning experts, product management, quali ty assurance, and data collection teams. We intend to continue to invest in our research and development capabilities to extend our platform and products.

The SEC also maintains an Internet website that contains reports, proxy statements and other information about issuers, like us, that file electronically with the SEC. The address of that website is https://www.sec.gov. 17 Table of Contents We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations website.

The SEC also maintains an Internet website that contains reports, proxy statements and other information about issuers, like us, that file electronically with the SEC. The address of that website is https://www.sec.gov. We webcast our earnings calls and certain events in which we participate or host with members of the investment community on our investor relations website.

Our platform supports public cloud, on-premise, private cloud, multi-cloud, and hybrid deployments, helping organizations avoid vendor lock-in and allowing software developers, security and IT operators across an organization to use our products in any environment.

Our cloud-native platform supports public cloud, on-premise, private cloud, multi-cloud, and hybrid deployments, helping organizations avoid vendor lock-in and allowing software developers, security, machine learning, and IT operators across an organization to use our products in any environment.

We have an unwavering commitment to the software developer, security teams, and IT operator communities, and show this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

We have an unwavering commitment to the software developer, MLOps teams, security teams, and IT operator communities, and demonstrate this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

We care more; it’s the source of our “better-ness.” 16 Table of Contents Recruiting, Training and Development Our human capital objectives include, as applicable, identifying, recruiting, retaining, incentivizing and integrating our existing and new employees and consultants. We attract new employees by advertising on our JFrog careers website, as well as leveraging our employee referral program.

We care more; it’s the source of our “better-ness.” Recruiting, Training and Development Our human capital objectives include, as applicable, identifying, recruiting, retaining, incentivizing and integrating our existing and new employees and consultants. We attract new employees by advertising on our JFrog careers website and on LinkedIn, as well as leveraging our employee referral program.

Our consistent product innovation, thought leadership in software supply chain management, and knowledge sharing with software developer, security teams, and IT operator communities engender trust that fuels increased usage of our products.

Our product innovation, thought leadership in software supply chain management, and knowledge sharing with software developer, security teams, machine learning, and IT operator communities engender trust that fuels increased usage of our products.

For example, our workforce is diverse both in ethnicity and gender, including and up to the highest level of management, where three of our 9-member board and four of our 12-member executive management team are women. Compensation and Benefits Our compensation policy is designed to attract, retain and reward personnel.

For example, our workforce is diverse both in ethnicity and gender, including and up to the highest level of management, where three of our 10-member board and three of our 10-member executive management team are women. Compensation and Benefits Our compensation policy is designed to attract, retain and reward personnel.

Our customer support team is differentiated by the number of team members who have engineering backgrounds, which allows our customers to have consistent access to individuals with intimate technical knowledge of our products and of the different technologies and protocols with which they integrate.

We empower our customers to shorten their software release cycles and enable the continuous flow of current, secure, up-to-date software from any source to any edge.

We empower our customers to shorten their software and AI technology release cycles and enable the continuous flow of current, secure, up-to-date software from any source to any distributed edge.

Additionally, we 11 Table of Contents have steadily grown our international presence since inception and intend to continue to expand regionally as DevOps and DevSecOps practices are increasingly adopted around the world. • Expand and develop our technology partnership ecosystem.

Additionally, we have steadily grown our international presence since inception and intend to continue to expand regionally as DevOps and DevSecOps practices are increasingly adopted around the world. • Expand and develop our technology partnership ecosystem.

The center of our platform, JFrog Artifactory, stores software packages and manages the metadata from major package technologies, including Docker, OCI, Debian, RPM, Go, Helm, Kubernetes, NPM, NuGet, Python, Java and Rust.

We have demonstrated a differentiated ability to retain customers, expand existing customer usage, and cross-sell a broader set of products and features within an organization. Our net dollar retention rate (“ARR”) of 119% as of December 31, 2023 highlights the increasing value of our products to our customer base.

We have demonstrated a differentiated ability to retain customers, expand existing customer usage, and cross-sell a broader set of products and features within an organization. Our net dollar retention rate of 116% as of December 31, 2024, highlights the increasing value of our products to our customer base.

To enhance application quality while minimizing risk, our security controls offer customizable governance policies to specific software packages and complete auditing capabilities and business impact analysis. Benefits to Software Developers, Security Teams, and IT Operators • Easy, secure, and automated package management.

To enhance application quality while minimizing risk, our security controls offer customizable governance policies to specific software packages and complete auditing capabilities and business impact analysis. Benefits to Software Developers, Security Teams, Machine Learning Engineers, Data Scientists, and IT Operators • Easy, secure, and automated package management.

Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype and Synopsys. • Diversified vendors. Some diversified technology companies, such as IBM, Inc. (including Red Hat), Pivotal Software and VMware, Inc. (now Broadcom Inc.) may have offerings that compete with certain JFrog products.

Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype, and Black Duck. • Diversified vendors. Some diversified technology companies, such as IBM, Inc. (including Red Hat), Pivotal Software, and Broadcom’s VMware may have offerings that compete with certain JFrog products.

In addition to annual performance reviews and merit-based compensation, we also encourage employees and their managers to maintain an open dialogue on progress throughout the year. Moreover, we focus on providing each employee an individualized career path and professional development opportunities. Diversity, Inclusion and Equity (“DEI”) We recognize and view equality as key to our success.

In addition to annual performance reviews and merit-based compensation, we also encourage employees and their managers to maintain an open dialogue on progress throughout the year. Moreover, we focus on providing each employee an individualized career path and professional development opportunities. Everyone Counts, Everyone Matters We recognize and view equality as key to our success.

While also partners, cloud providers, such as Amazon Web Services (AWS), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality. 14 Table of Contents • Security point solutions.

While also partners, cloud providers, such as Amazon Web Services (“AWS”), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality. • Security point solutions.

We compete on the basis of a number of factors, including: • ability to provide an end-to-end, unified platform for the DevOps and DevSecOps workflows; • ability to provide security solutions across software developers and enterprise workflows; • ability to provide machine learning operation solutions across enterprise workflows; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, AI/ML engineers, data scientists, and IT managers; • ability to enable collaboration between software developers, security teams, and IT operators; • ability to deploy our products in any combination of cloud, multi-cloud or on-premises environments; • performance, security, scalability, and reliability in tandem; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation.

Competition We compete in the DevOps, DecSecOps, and MLOps markets on the basis of a number of factors, including: • ability to provide an end-to-end, unified platform for secure software supply chain workflows; • ability to provide security solutions across software developers and enterprise workflows; • ability to provide machine learning operation solutions across enterprise workflows; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, machine learning engineers, data scientists, and IT managers; • ability to enable collaboration between software developers, security teams, and IT operators; 13 Table of Contents • ability to deploy our products in any combination of cloud, multi-cloud or on-premises environments; • performance, security, scalability, and reliability in tandem; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation.

Our subscription structure is aligned with the way we have built our product platform, with JFrog Artifactory at the core of each subscription and a portfolio of adjacent products and services that differ by subscription tier. Our pricing model aligns the value we deliver with our customers’ needs as they scale. • Technology partnership ecosystem.

Our subscription structure is aligned with the way we have built our product platform, with JFrog Artifactory at the core of each subscription and a portfolio of specific solutions and services that differ by subscription tier. Our pricing model aligns the value we deliver with our customers’ needs as they scale. 9 Table of Contents • Technology partnership ecosystem.

Our platform accelerates the software release cycle by enabling the automation of workflows across teams and providing tight coordination between development and operations groups, removing silos within organizations’ software release processes.

Our platform accelerates the software release cycle by enabling the automation of workflows across teams and providing tight coordination between development, security, data science, machine learning and operations groups, removing silos within organizations’ software release processes.

Scanners that analyze the actual exploit risk of a vulnerability, in-context, based on the environment under which it exists and minimize security "noise" for developers so that they can focus on fixing the impactful 12 Table of Contents issues. Scanners include Contextual Analysis, Service and Application Exposures, SAST, IaC Analysis and Secrets Detection. • Package Admission Filtering.

Scanners that analyze the actual exploit risk of a vulnerability, in-context, based on the environment under which it exists and minimize security "noise" for developers so that they can focus on fixing the impactful issues. Scanners include Contextual Analysis, Service and Application Exposures, SAST, IaC Analysis and Secrets Detection. • Machine learning security.

JFrog Curation functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories.

JFrog Curation is an optional add-on and functions as a guardian outside the software development pipeline, controlling the admission of packages into an organization, primarily from open source or public repositories.

Our platform natively supports the major package technologies, including package libraries, continuous integration tools, container registries, and testing and deployment tools, and has been designed to quickly and seamlessly add support for new package technologies as they arise.

Our platform natively supports all major package technologies, including package libraries, continuous integration tools, container registries, and testing and deployment tools, and has been designed to quickly and seamlessly add support for new package technologies as they arise, including ML- and AI-centric packages.

This allows organizations to effectively and efficiently manage the full software supply chain through a single user access point. 8 Table of Contents • A “blessed” repository for the organization. We designed JFrog Artifactory to be the only package repository that an organization needs.

This allows organizations to effectively and efficiently manage the full software supply chain through a single user access point. • A single source of truth for the digital organization. We designed JFrog Artifactory to be the only software package repository that an organization needs.

JFrog Curation acts as a firewall for open source and third party packages coming from public repositories. By using JFrog Catalog as a database of open source packages and their advanced metadata, Curation applies policies to govern the admission of new package versions into the company’s repositories. • Hierarchical graph of software packages .

By using JFrog Catalog as a database of open source packages and their advanced metadata, Curation applies policies to govern the admission of new package versions into the company’s repositories. • Hierarchical graph of software packages.

Our solution includes user-friendly application programming interfaces (“APIs”) that organizations can use to integrate our products and third-party technologies in a reliable and high-performance manner. • Universal and extensible.

Our solution includes user-friendly 8 Table of Contents application programming interfaces (“APIs”) that organizations can use to integrate our hybrid solutions and third-party technologies in a reliable and high-performance manner. • Universal and extensible.

We emphasize this principle in our CODEX value “ Everyone Counts Everyone Matters ” and aim to provide our employees a diverse, equitable, and inclusive work environment. We continue to support DEI-focused hiring and mandatory DEI training for all employees.

We emphasize this principle in our CODEX value “ Everyone Counts Everyone Matters ” and aim to provide our employees a diverse, equitable, and inclusive work environment. We continue to support equal opportunity in hiring and mandatory non-discrimination and anti-harassment training for all employees.

Software packages addressed by JFrog Curation rely on the JFrog Catalog of open source package information, with over 4 million unique packages and their advanced metadata available. 7 Table of Contents • JFrog Xray (Security Essential) . JFrog Xray continuously scans JFrog Artifactory to secure all software packages stored in it.

JFrog Curation relies on the JFrog Catalog of open source package information, with over 4 million unique packages and their advanced metadata available. • JFrog Xray (Security Essentials). JFrog Xray continuously scans JFrog Artifactory to secure all software packages stored in it.

Customers As of December 31, 2023, we had a global customer base of approximately 7,400 organizations across all industries and sizes, including approximately 83% of Fortune 100 organizations.

Customers As of December 31, 2024, we had a global customer base of approximately 7,300 organizations across all industries and sizes, including approximately 82% of Fortune 100 organizations.

Our current paid subscription tiers include JFrog Pro, JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus. • JFrog Pro . JFrog Pro provides access to the universal version of JFrog Artifactory and ongoing updates, upgrades, and bug fixes. 10 Table of Contents • JFrog Pro X .

Our current paid subscription tiers include JFrog Pro, JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus. • JFrog Pro. JFrog Pro is cloud-only subscription that provides access only to the universal version of JFrog Artifactory and ongoing updates, upgrades, and bug fixes. • JFrog Pro X.

Natively integrated with JFrog’s Artifactory binary repository and JFrog Xray’s software composition analysis solutions, JFrog Advanced Security capabilities, including source code scanning (SAST), secrets detection, contextual analysis, IaC scanning, container scanning, malicious ML model detection and more, offer holistic coverage for software supply chain security at scale. • JFrog Distribution .

Natively integrated with JFrog’s Artifactory binary repository and JFrog Xray’s software composition analysis solutions, JFrog Advanced Security capabilities, including source code scanning (“SAST”), secrets detection, contextual analysis, Infrastructure as Code (“IaC”) scanning, container scanning, malicious machine learning model detection and more, offer holistic coverage for software supply chain security at scale. • JFrog Runtime Security.

JFrog Connect is our connected device management solution that allows companies to manage software updates and monitor performance across IoT device fleets from anywhere in the world. JFrog Connect scales to automate software package delivery across the development-to-device lifecycle. • JFrog Pipelines.

JFrog Connect is a connected device management solution that allows companies to manage software updates and monitor performance across Internet of Things (“IoT”) device fleets from anywhere in the world. JFrog Connect scales to automate secure software package delivery across the development-to-device lifecycle. • JFrog ML.

We have used, and intend to continue to use, our website, investor relations website, our blog and Twitter accounts as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD.

Available Information Our website address is https://www.jfrog.com, our investor relations website is https://investors.jfrog.com, our blog https://www.jfrog.com/blog and our X account is @JFrog. We have used, and intend to continue to use, our website, investor relations website, our blog and X accounts as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD.

This is commonly referred to as a “blessed repository.” JFrog Artifactory automatically caches updated software packages from both external and internal repositories, ensuring that an organization always has the latest, validated packages available. • Acceleration through automation.

JFrog Artifactory automatically caches updated software packages from both external and internal repositories, ensuring that an organization always has the latest, validated packages available. • Acceleration through automation.

JFrog Distribution provides reliable, scalable, and secure software package distribution with enterprise-grade performance. It uses proprietary technology to reliably and optimally distribute packages to multiple locations and update them as new release versions are produced.

JFrog Distribution provides reliable, scalable, and secure software package distribution with enterprise-grade performance. It uses proprietary technology to reliably distribute packages to multiple locations and update them as new release versions are produced. JFrog Distribution offers native support for the major package technologies, allowing smooth integrations. • JFrog Connect.

Our agent for service of process in the United States is JFrog, Inc. “JFrog,” our logo, and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report on Form 10-K are the property of JFrog Ltd.

“JFrog,” our logo, and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report on Form 10-K are the property of JFrog Ltd. Other trademarks and trade names referred to in this Annual Report on Form 10-K are the property of their respective owners.

We intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog within our largest customers. Competition The worldwide DevOps and DevSecOps markets are rapidly evolving.

We intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog within our largest customers.

As the domains of software developers and IT operators have converged, DevOps has emerged as a discipline that integrates software development and operations, shortening, automating, and improving the software build and release workflow. DevOps is a combination of technologies, methodologies, and culture that powers a continuous, fast, and secure software release cycle.

The DevOps, DevSecOps, and MLOps Workflows DevOps is a maturing discipline that integrates software development and operations, shortening, automating, and improving the software build and release workflow. DevOps is a combination of technologies, methodologies, and culture that powers a continuous, fast, and secure software release cycle.

Updating a feature of a software application, rather than releasing a new version of the entire application, ensures that current software is brought to market faster, allowing organizations to be more responsive to their customers’ needs, making software updates less disruptive to the user experience.

To meet this need, updating a feature of a software application, rather than releasing a new version of the entire application, ensures that current software is brought to market faster, allowing organizations to be more responsive to their customers’ needs, security concerns and corporate welfare.

We strive to foster a culture of diversity and inclusion so that all of our employees feel they are respected and treated equally, regardless of gender, race, ethnicity, age, disability, sexual orientation, gender identity, cultural background or religious belief.

We strive to foster a culture where all of our employees feel they are respected and treated equally, regardless of gender, race, ethnicity, color, age, disability, sexual orientation, gender identity, marital status, veteran status, pregnancy, HIV/AIDS status, cultural background, religious belief, genetic information status, or domestic violence status.

Our platform is designed to be agnostic to the programming languages, source code repositories, and development technologies that our customers use, and the type of production environments to which they deploy. 6 Table of Contents Our fully integrated suite of products allows our customers to compile software from source code repositories, curate the importation of external packages, manage the dependencies among components within software packages, keep these packages under a single universal repository, manage and automate the usage of open source libraries and packages, scan for vulnerabilities through various stages and contexts, distribute to endpoints, and deploy in production, all through a single user access point.

The JFrog Platform allows customers to compile software from source code repositories, curate the importation of external software packages, manage the dependencies among components within software packages, keep these packages under a single universal repository, manage and automate the usage of open source libraries and packages, scan for vulnerabilities through various stages and contexts, distribute to endpoints, and deploy securely to production, all through a single user access point.

For example, we are subject to numerous laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other data. In addition, in some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S.

We believe change is an opportunity; an agile mindset leads us to better results in a rapidly changing environment. • WIN! We believe that with a “good enough” mindset, we will never achieve greatness. • Care.

Anyone can approach everyone about anything at any time regardless of rank or affiliation. • Agility. We believe change is an opportunity; an agile mindset leads us to better results in a rapidly changing environment. • WIN! We believe that with a “good enough” mindset, we will never achieve greatness. • Care.

This complete process is often referred to as management and securing of the “software supply chain.” Since our initial launch of JFrog Artifactory, we have consistently innovated and added new products to expand the capabilities of our platform. Today, our platform comprises the full workflow for releasing trusted, secure software.

This complete process is often referred to as management and securing of the “software supply chain.” Since JFrog’s inception with the creation of the software package management category (JFrog Artifactory), we have consistently innovated and added new solutions to expand the capabilities of our platform.

The bottom-up approach is community focused, driving increased usage of our products, in which we focus on demonstrating the value that our products can provide to software developers, security teams and IT operators. Once customers are of a certain size, we engage in a top-down approach for full platform adoption that focuses on enterprise values.

Business Model We combine bottom-up and top-down approaches in our business model. The bottom-up approach is community focused, driving increased usage of our products, in which we focus on demonstrating the value that our products can provide to software developers, security teams, data scientists, and IT operators.

We believe this approach gives us a competitive advantage, as technical communities have become integral in spreading awareness of our brand, expanding use cases, and promoting the adoption of our platform in the overall organization.

These communities can easily engage with our products through free trials and open source software before deciding to use them on a paid basis. We believe this approach gives us a competitive advantage, as technical communities have become integral in spreading awareness of our brand, expanding use cases, and promoting the adoption of our platform in the overall organization.

JFrog Enterprise Plus is our full platform subscription option, delivering our entire suite of products and functionality, as well as Private Distribution Network capabilities.

JFrog Enterprise Plus provides the same features as JFrog Enterprise X, with the addition of JFrog Distribution, Access Federation, private content delivery network cloud capabilities, and private edge nodes. JFrog Enterprise Plus is our full platform subscription option, delivering our entire suite of products and functionality, as well as Private Distribution Network capabilities.

The DevSecOps workflow spans the lifecycle of software, from the planning, curating, coding, building, securing and testing of software components by developers, to the secure releasing, deploying, operating, and monitoring of that software by operators. DevSecOps integrates security practices across the DevOps workflow for early detection of issues and ongoing software security throughout the software’s lifecycle.

The DevSecOps workflow spans the DevOps workflow, but with the addition of security capabilities, including the planning, curating, coding, building, securing, and testing of software components by developers, to the secure releasing, deploying, operating, and monitoring of that software by operators.

JFrog Xray is able to understand software packages at a binary level, utilizing the metadata stored in JFrog Artifactory to accurately uncover potential vulnerabilities, policy violations, and open source software license compliance issues. This enables more cohesive DevSecOps processes, allowing organizations to achieve both control and trust earlier in their software release cycles by automating security workflows.

Any of our patents issued in the future may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them.

With any of our patent applications, it is possible that they could result in the issuance of a patent or the examination process could require us to narrow our claims. Any of our patents issued in the future may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them.

Intellectual Property Our success depends in part on our ability to protect our intellectual property. We rely on a combination of copyrights and trade secret laws, confidentiality procedures, employment agreements, license agreements, invention assignment agreements, trademarks, and patents to establish and protect our intellectual property rights, including our proprietary technology, software, know-how, and brand.

We rely on a combination of copyrights and trade secret laws, confidentiality procedures, employment agreements, license agreements, invention assignment agreements, trademarks, and patents to establish and protect our intellectual property rights, including our proprietary technology, software, know-how, and brand. 14 Table of Contents As of December 31, 2024, we hold a number of active patents and have filed patent applications both in the U.S. and in other countries.

See the section titled “Risk Factors” for a more comprehensive description of risks related to our intellectual property. Government Regulations Our business activities are subject to various federal, state, local and international laws, rules and regulations.

See Part I, Item 1A, "Risk Factors" in this Annual Report on Form 10-K for a more comprehensive description of risks related to our intellectual property. Government Regulations Our business activities are subject to various federal, state, local and international laws, rules and regulations.

JFrog Artifactory’s ability to search for, manage, and cache software packages from different sources enables software developers and IT operators to execute faster and take advantage of innovation throughout the broader software development ecosystem.

JFrog Artifactory’s ability to search for, manage, and cache software packages from different sources enables software developers, security teams, data scientists, and IT operators to execute faster and take advantage of innovation throughout the broader software development ecosystem. As an organization’s development environment changes, our products automatically adapt, with little to no downtime or the need for complex migrations.

To support growth of large strategic customers, JFrog also empowers a direct sales team supported by dedicated DevSecOps technical staff. We strive to make software developers, security teams and IT operators more efficient, effective, and productive, and create champions of JFrog in the process. • Our go-to-market strategy. o Make software developers, security teams, ML engineers, and IT operators successful.

We strive to make software developers, security teams, MLOps teams, and IT operators more efficient, effective, and productive, and create champions of JFrog in the process. • Our go-to-market strategy. o Make software developers, security teams, machine learning engineers, and IT operators successful.

Our main place of business in the United States is located at 270 E. Caribbean Drive, Sunnyvale, California 94089. Our telephone number at this address is (408) 329-1540. Our registered office is located at 3 HaMahshev Street, Netanya, 4250465, Israel. Our telephone number at this address is + 972 (9)-894-1444.

Our registered office is located at 3 HaMahshev Street, Netanya, 4250465, Israel. Our telephone number at this address is + 972 (9)-894-1444. Our agent for service of process in the United States is JFrog, Inc.

We annually conduct talent reviews and succession planning and the Board of Directors receives updates from senior management regarding succession planning, management talent assessment, and employee attrition. The Audit Committee reviews with management our ethics and compliance programs for human capital and workplace-related issues.

We annually conduct talent reviews and succession planning and the Board of Directors receives updates from senior management regarding succession planning, management talent assessment, and employee attrition. The Compensation Committee of the Board oversees our approach to human capital and provides oversight of our overall compensation philosophy, policies, and programs, ensuring their respective alignment with our human capital strategy.

Employees and Human Capital Our Board of Directors and its committees share oversight of our human capital management strategy. The Nominating and Corporate Governance Committee has oversight of our approach to human capital and inclusion and diversity as part of its broader oversight of our Environmental, Social, and Governance strategy and initiatives.

The Audit Committee of the Board reviews our ethics and compliance programs for human capital and workplace-related issues with management. The Nominating and Corporate Governance Committee has oversight of our approach to diversity as part of its broader oversight of our sustainability strategy and initiatives.

As of December 31, 2023, 886 of our customers had ARR of $100,000 or more, increasing from 736 customers as of December 31, 2022, accounting for 68% and 62% of our ARR, respectively. We had 37 customers with ARR of at least $1.0 million as of December 31, 2023, increasing from 19 customers as of December 31, 2022.

As of December 31, 2024, 1,018 of our customers had annual recurring revenue (“ARR”) of $100,000 or more, increasing from 886 customers as of December 31, 2023, accounting for 72% and 68% of our ARR, respectively.

We offer time-limited free trials of our platform that allow prospective customers to test the full functionality of a JFrog subscription within their environments or in the cloud. At the end of this trial period, prospective customers must pay for a subscription in order to continue utilizing JFrog services.

This free access takes the form of free trials and open source software and helps generate demand for our paid offerings within these communities. • Free Trials. We offer time-limited free trials of our platform that allow prospective customers to test the full functionality of a JFrog subscription within their environments or in the cloud.

We enable organizations to securely store all package types in a common repository where they can be tagged, tracked, and managed. Our unified platform connects all of the software release processes involved in building and releasing software, and enables trust by offering a single source of truth for all software release inputs and outputs.

Our Platform The JFrog Platform connects all of the software release processes involved in building and releasing software, enabling trust by offering a single source of truth for all software release inputs and outputs.

We believe that in addition to our traditional direct-sales business, channel expansion will drive growth by giving specific industry verticals and geographies purchase options that are flexible to their localized needs. Specifically with public cloud providers, we believe there is great potential for partnerships and channels to be a significant contributor to JFrog’s growth. • Multiple tiers of subscriptions.

We are expanding JFrog’s channel strategy throughout the world, with a focus on emerging markets and localized buying patterns. We believe that in addition to our traditional direct-sales business, channel expansion will drive growth by giving specific industry verticals and geographies purchase options that are flexible to their localized needs.

… 89 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

232 edited+49 added−86 removed225 unchanged

2023 filing

2024 filing

Biggest changeFactors that may cause fluctuations in our quarterly financial results include: • general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation; • our ability to attract and retain new customers; • the loss of existing customers; • renewals and timing of renewals; • customer usage of our products; • customer satisfaction with our products and platform capabilities and customer support; • our ability to expand sales within our existing customers; • mergers and acquisitions that might affect our customer base including the consolidation of affiliates’ multiple paid business accounts into a single paid business account; • our ability to gain new partners and retain existing partners; • our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers; • increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements; • fluctuations in share-based compensation expense; • decisions by potential customers to purchase alternative solutions; • decisions by potential customers to develop in-house DevOps and DevSecOps technologies as alternatives to our products; • the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources; • network outages; • actual or perceived breaches of, or failures relating to, privacy, data protection, or data security; • the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; • the impact of political uncertainty or unrest, including the Russia-Ukraine war, and the Israel-Hamas war, other areas of geopolitical tension around the world, or the worsening of that conflict or tensions and the related global economic disruptions; • changes in our pricing policies or those of our competitors; 21 Table of Contents • fluctuations in the growth rate of the overall market that our products address; • the budgeting cycles and purchasing practices of customers; • the business strengths or weakness of our customers; • our ability to collect timely on invoices or receivables; • the cost and potential outcomes of future litigation or other disputes; • future accounting pronouncements or changes in our accounting policies; • our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments; • our ability to successfully expand our business in the U.S. and internationally; • fluctuations in the mix of our revenue between self-managed subscriptions and SaaS subscriptions; • fluctuations in foreign currency exchange rates; and • the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers or partners.

Biggest changeFactors that may cause fluctuations in our quarterly financial results include, but not limited to: • our ability to attract and retain new customers; • the loss of existing customers; • renewals and timing of renewals; • customer usage of our products; • customer satisfaction with our products and platform capabilities and customer support; • our ability to expand sales within our existing customers; • our ability to gain new partners and retain existing partners; • increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements; • our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers; • general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation and currency fluctuation; • fluctuations in share-based compensation expense, including as a result of our acquisition activity; • decisions by potential or existing customers to purchase alternative solutions; • decisions by potential customers to develop in-house DevOps, DevSecOps, and MLOps solutions as alternatives to our products; • the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers, or partners; • the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources; • network outages; • actual or perceived breaches of, or failures relating to, privacy, data protection, e-marketing, cookies, cybersecurity, data breach notification, or data security; • mergers and acquisitions that might affect our customer base, including the consolidation of affiliates’ multiple paid business accounts into a single paid business account; • the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; • changes in our pricing policies or those of our competitors; 20 Table of Contents • fluctuations in the growth rate of the overall market that our products address; • the budgeting cycles and purchasing practices of customers; • the business strengths or weakness of our customers; • our ability to collect timely on invoices or receivables; • the cost and potential outcomes of future litigation or other disputes; • future accounting pronouncements or changes in our accounting policies; • our ability to successfully expand our business in the U.S. and internationally; • fluctuations in the mix of our revenue between self-managed subscriptions and SaaS subscriptions; • our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments; • fluctuations in foreign currency exchange rates; and • the impact of political uncertainty or unrest, including the Russia-Ukraine war, the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, other areas of geopolitical tension around the world, including Syria, or the worsening of such conflicts or tensions and any related global economic disruptions.

The growth and expansion of our business places a continuous significant strain on our management, operational, and financial resources. In addition, as customers adopt our products for an increasing number of use cases, we have had to support more complex commercial relationships.

The growth and expansion of our business places a continuous and significant strain on our management, operational, and financial resources. In addition, as customers adopt our products for an increasing number of use cases, we have had to support more complex commercial relationships.

We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, and our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively.

We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively.

In addition, any failure of our solutions to operate effectively with the business applications of any third-party partners could reduce the demand for our solutions and cause harm our business and reputation. We may also be held responsible for obligations that arise from the actions or omissions of third parties with which we do business.

In addition, any failure of our solutions to operate effectively with the business applications of any third-party partners could reduce the demand for our solutions and cause harm to our business and reputation. We may also be held responsible for obligations that arise from the actions or omissions of third parties with which we do business.

Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business. Historically, we have funded our operations and capital expenditures primarily through equity issuances and cash generated from our operations.

Our failure to generate the significant capital or raise additional capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business. Historically, we have funded our operations and capital expenditures primarily through cash generated from our operations and through equity issuances.

Sales of a substantial number of ordinary shares in the public market, particularly sales by our directors, executive officers, and significant shareholders, or the perception that these sales could occur, could adversely affect the market price of our ordinary shares and may make it more difficult for you to sell your ordinary shares at a time and price that you deem appropriate.

Sales of a substantial number of our ordinary shares in the public market, particularly sales by our directors, executive officers, and significant shareholders, or the perception that these sales could occur, could adversely affect the market price of our ordinary shares and may make it more difficult for you to sell your ordinary shares at a time and price that you deem appropriate.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable listing standards of Nasdaq. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable Nasdaq listing standards. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting.

Any perception of privacy, data security, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations.

Any perception of privacy, data security, cybersecurity, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations.

If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with service credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied.

If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with certain credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied.

We could be required to collect additional sales, use, value added, digital services or other similar taxes or be subject to other liabilities that may increase the costs our clients would have to pay for our products and adversely affect our results of operations. We collect sales, value added and other similar taxes in a number of jurisdictions.

We could be required to collect additional sales, use, value added, digital services, or other similar taxes or be subject to other liabilities that may increase the costs our clients would have to pay for our products which would adversely affect our results of operations. We collect sales, value added, and other similar taxes in a number of jurisdictions.

Historically, we have experienced seasonality in customer bookings, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in the fourth quarter of the year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers.

Historically, we have experienced seasonality in customer bookings, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in our fourth quarter. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers.

As a result, our operations may be disrupted by such absences, which disruption may materially and adversely affect our business and results of operations. Certain countries, companies and organizations participate in a boycott of Israeli companies. In addition, there have been increased efforts recently to cause companies and consumers to boycott Israeli goods and services.

As a result, our operations may be disrupted by such absences, which disruption may materially and adversely affect our business and results of operations. Certain countries, companies, and organizations participate in a boycott of Israeli companies, and there have been increased efforts recently to cause companies and consumers to boycott Israeli goods and services.

The expansion of and our ability to penetrate, these new and evolving markets depends on a number of factors, including: the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security.

The expansion of, and our ability to penetrate, these evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security.

Sales to government entities are subject to a number of risks that are specific to public sector customers. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale.

Sales to government entities are subject to a number of risks that are specific to public sector customers. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time, expertise, and expense without any assurance that these efforts will generate a sale.

The relevant tax authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement was to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties.

The relevant tax authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties.

Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity.

Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and it may take significant time before they achieve full productivity.

Incorrect implementation or use of, or our customers’ failure to update, our software could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects. Our products are often operated in large scale, complex IT environments.

Incorrect implementation or use of, or our customers’ failure to update, our products could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects. Our products are often operated in large scale, complex IT environments.

In addition, there have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims.

There have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims.

We have recently experienced longer sales cycles for certain products and enhanced budget scrutiny by our customers, and expect to continue to experience these challenges given the current macroeconomic environment.

We have experienced longer sales cycles for certain products and enhanced budget scrutiny by our customers and expect to continue to experience these challenges given the current macroeconomic environment.

If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products.

In addition, if an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products.

The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including: • actual or anticipated changes or fluctuations in our results of operations; • the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections; • announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships or capital commitments; • industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • sales or expected future sales of our ordinary shares; • investor perceptions of us and the industries in which we operate; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; 45 Table of Contents • actual or perceived breaches of, or failures relating to, privacy, data protection or data security; • new laws or regulations or new interpretations of existing laws or regulations applicable to our business; • any major changes in our management or our board of directors; • general economic conditions, the recent global economic downturn and slow or negative growth of our markets; and • other events or factors, including those resulting from war, including the war between Israel and Hamas, incidents of terrorism or responses to these events.

The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including but not limited to: • actual or anticipated changes or fluctuations in our results of operations; • the financial projections we may provide to the public, any changes in these projections, or our failure to meet these projections; • announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships, or capital commitments; 43 Table of Contents • industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • sales or expected future sales of our ordinary shares; • investor perceptions of us and the industries in which we operate; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; • actual or perceived breaches of, or failures relating to, privacy, data protection, or data security; • new laws or regulations or new interpretations of existing laws or regulations applicable to our business; • any major changes in our management or our board of directors; • general economic conditions, the recent global economic downturn and slow or negative growth of our markets; and • other events or factors, including those resulting from war, including the war between Israel, Hamas and Hezbollah, incidents of terrorism or responses to these events.

To the extent our products are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in general information technology spending.

To the extent our products are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in information technology spending.

If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected. 31 Table of Contents We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.

If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected. 30 Table of Contents We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.

We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our platform, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.

We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use, or disclose information relating to individuals, which could decrease demand for our platform, increase our costs, and impair our ability to maintain and grow our customer base and increase our revenue.

Further, any significant change to applicable laws, regulations or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features.

Further, any significant change to applicable laws, regulations, or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the 37 Table of Contents manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features.

Certain vulnerabilities under certain circumstances could be exploited if our customers do not patch vulnerable versions of the product. In the future, we also may experience security breaches, including breaches resulting from a cybersecurity attack, phishing attack, or other means, including unauthorized access, unauthorized usage, malwares or similar breaches or disruptions.

Risks Related to Foreign Operations Our international operations and expansion expose us to risks. Our primary research and development operations are located in Israel. As of December 31, 2023, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce.

Risks Related to Foreign Operations Our international operations and expansion expose us to risks. Our primary research and development operations are located in Israel. As of December 31, 2024, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce.

Because our customers rely on our software to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our software or our failure to train customers on how to use our software productively has in the past and may in the future result in customer dissatisfaction, and negative publicity and may adversely affect our reputation and brand.

Because our customers rely on our products to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our products or our failure to train customers on how to use our products productively has in the past and may in the future result in customer dissatisfaction and negative publicity and may adversely affect our reputation and brand.

Any of these incidents or any compromise of our security or any unauthorized access to or breaches of the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, could result in unauthorized or unlawful 39 Table of Contents access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or a risk to the security of our or our customers’ systems.

Any of these incidents or any compromise of our security or any unauthorized access to or breaches of the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, could result in unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification, or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or a risk to the security of our or our customers’ systems.

In order to provide value for our customers, we must offer products that allow our customers to compile software from source code repositories, manage the dependencies among components within software packages, move packages and ML models to a universal repository, ingest packages from third parties, including open source libraries, scan for vulnerabilities through various stages, distribute to endpoints, and deploy in production, all through a single user access point.

In order to provide value for our customers, we must offer products that allow our customers to compile software from source code repositories, manage the dependencies among components within software packages, move packages and machine learning models to a universal repository, ingest packages from third parties, including open source libraries, scan for vulnerabilities through various stages, distribute to endpoints, and deploy in production, all through a single user access point.

Our platform consists of multiple products in DevOps and DevSecOps, and we compete in each product category as well as the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology.

Our platform consists of multiple products in DevOps, DevSecOps, and MLOps, and we compete in each product category as well as at the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology.

Data security incidents affecting widely trusted data security architecture (such as the incident affecting SolarWinds Orion, the incident involving Accellion FTA, the incident affecting Microsoft Exchange, the incident affecting Kaseya VSA, and the incident involving Log4j – none of which have directly affected us) may increase customer expectations regarding the security, testing, and compliance documentation of our platform and products for secure software development operations, management, automation and releases.

Data security incidents affecting widely trusted data security architecture (such as historical incidents affecting SolarWinds Orion, the incident involving Accellion FTA, the incident affecting Microsoft Exchange, the incident affecting Kaseya VSA, the incident involving Log4j, the software update incident involving CrowdStrike – none of which have directly affected us) may increase customer expectations regarding the security, testing, and compliance documentation of our platform and products for secure software development operations, management, automation, and releases.

Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws.

Case law clarifies that the right to receive consideration for “service inventions” 34 Table of Contents can be waived by the employee and that, in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws.

We and our service providers may be unable to anticipate these techniques, react, remediate or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. In the past, we have experienced vulnerabilities, none of which led to account takeover and all such known vulnerabilities have been remedied.

We and our service providers may be unable to anticipate these techniques, react, remediate, or otherwise address any security breach or other security incident in a timely manner, or implement adequate 36 Table of Contents preventative measures. In the past, we have experienced vulnerabilities, none of which led to account takeover and all such known vulnerabilities have been remedied.

We are also subject to certain contractual obligations to third parties related to privacy, data protection and data security. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, and data security to the extent possible.

We are also subject to certain contractual obligations to third parties related to privacy, data protection, cybersecurity, AI, and data security. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, cybersecurity, and data security to the extent possible.

Our operations in China are subject to a number of risks relating to China’s economic and political systems, including: • A government-controlled foreign exchange rate and limitations on the convertibility of the Chinese Renminbi; • Uncertainty regarding the validity, enforceability and scope of protection for intellectual property rights and the practical difficulties of enforcing such rights; • Ability to secure our business proprietary information located in China from unauthorized acquisition; • Extensive government regulation; • Changing governmental policies relating to tax benefits available to foreign-owned businesses; • A relatively uncertain legal system; • Application of and limitations related to the DSL and PIPL regulations over processing of data and personal data within China as well as cross-border data transfers and other activities outside of China; and 41 Table of Contents • Instability related to continued economic, political and social reform.

Our operations in China are subject to a number of risks relating to China’s economic and political systems, including but not limited to: • A government-controlled foreign exchange rate and limitations on the convertibility of the Chinese Renminbi; • Uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights and the practical difficulties of enforcing such rights; • Ability to secure our business proprietary information located in China from unauthorized acquisition; • Extensive government regulation; • Changing governmental policies relating to tax benefits available to foreign-owned businesses; • A relatively uncertain legal system; • Application of and limitations related to the DSL and PIPL regulations over processing of data and personal data within China as well as cross-border data transfers and other activities outside of China; and • Instability related to continued economic, political, and social reform.

Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements. While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws.

Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements. 40 Table of Contents While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws.

Large indemnity payments could harm our business, results of operations, and financial condition. Pursuant to certain agreements we do not have a cap on our liability and any payments under such agreements would harm our business, results of operations, and financial condition.

Large indemnity payments could harm our business, results of operations, and financial condition. Pursuant to certain agreements, we do not have a cap on our liability for indemnity claims and any payments under such agreements would harm our business, results of operations, and financial condition.

Any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate.

Any disruption in the business of our partners or 49 Table of Contents customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate.

Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive activities of the former 28 Table of Contents employee will harm one of a limited number of material interests of the employer that have been recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property.

Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive activities of the former employee will harm one of a limited number of material interests of the employer that have been recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property.

Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype, and Synopsys. • Diversified vendors. Some diversified technology companies, such as IBM, Inc. (including Red Hat), Pivotal Software, and Broadcom’s VMware may have offerings that compete with certain JFrog products.

If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed.

If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our 23 Table of Contents products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed.

In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, into our company, the revenue and results of operations of the combined company could be adversely affected.

In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, the revenue and results of operations of the combined company could be adversely affected.

Any political or trade controversy between the United States and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position and financial performance.

Any political or trade controversy between the U.S. and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position, and financial performance.

If DevOps, DevSecOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology spending or otherwise, the market for our platform and products might not 20 Table of Contents continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations.

If DevOps, DevSecOps, MLOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological 21 Table of Contents challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology or other spending, the market for our platform and products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations.

We could also face subscription terminations and a reduction in renewals, which could significantly affect both our current and future revenue. We offer multiple tiers of subscriptions to our products and as such our service-level commitments will increase if more customers choose subscriptions of JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus.

We could also face subscription terminations and a reduction in renewals, which would significantly affect our future revenue. We offer multiple tiers of subscriptions to our products and as such our service-level commitments will increase if more customers choose subscriptions of JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus.

However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior. 48 Table of Contents We have received Israeli government grants for certain of our research and development activities.

However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior. We have received Israeli government grants for certain of our research and development activities.

We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including building a customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, and continuing to develop our technology.

We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including strengthening our customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, and continuing to develop our technology.

Travel Act, the USA PATRIOT Act, the United Kingdom Bribery Act 2010, the Proceeds of Crime Act 2002, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 1977, the Israeli Prohibition on Money Laundering Law–2000 and possibly other anti-bribery and anti-money laundering laws in countries outside of the United States in which we conduct our activities.

In the event our or our partners abilities are hindered by any of the events discussed above, sales could be delayed, resulting in missed financial targets for a particular quarter.

In the event our or our partners’ abilities are hindered by any of the events discussed above, sales could be delayed, resulting in missed financial targets for a particular quarter.

Moreover, because the interpretation and application of many laws and regulations relating to privacy, security, and data protection, along with mandatory industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products.

Moreover, because the interpretation and application of many laws and regulations relating to privacy, security, cybersecurity, e-marketing, AI, and data protection, along with mandatory industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products.

Many of the companies with which we compete for experienced personnel have greater resources than we have and due to our profile and market position, such competitors actively seek to hire skilled personnel away from us, even if such employee has entered into a non-compete agreement.

Many of the companies with which we compete for experienced personnel have greater resources than we have, and due to our profile and market position, such competitors actively seek to hire skilled personnel away from us, even if such employees have entered into a non-compete agreement with us.

However, the regulatory framework for privacy, data protection and data security worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices.

However, the regulatory framework for privacy, data protection, cybersecurity, e-marketing, AI, and data security worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices.

Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly reduced in value.

Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly declined in value.

Because a material part of our research and development is conducted in Israel and certain members of our board of directors and management as well as approximately half of our employees and consultants are located in Israel, our business and operations could be affected by economic, political, geopolitical and military conditions in Israel.

Because a material part of our research and development is conducted in Israel and certain members of our board of directors and management (as well as more than half of our employees and consultants) are located in Israel, our business and operations could be affected by economic, political, geopolitical, and military conditions in Israel.

We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements.

We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, e-marketing, cybersecurity, AI, and data security and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements.

There is no guarantee that such events will translate into new customers, or that open source users will convert to paying subscribers. 25 Table of Contents In addition, a significant aspect of our sales and marketing focus is to expand deployments within existing customers.

There is no guarantee that such events will translate into new customers, or that open source users will convert to paying subscribers. In addition, a significant aspect of our sales and marketing focus is to expand deployments within existing customers.

Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations. A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations. 31 Table of Contents A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

It is also possible that our customers and regulators would seek to hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure and we may incur significant liability in investigating such an incident and responding to any claims, investigations, or proceedings made or initiated by those customers, regulators, and other third parties.

It is also possible that our customers and regulators could seek to hold us accountable for any breach of security affecting a public cloud provider’s infrastructure and we may incur significant liability in investigating such an incident and responding to any claims, investigations, or proceedings made or initiated by those customers, regulators, and other third parties.

The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval. Our executive officers, directors, current 5% or greater shareholders and affiliated entities together beneficially owned approximately 18% of our ordinary shares outstanding as of December 31, 2023.

The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval. Our executive officers, directors, current 5% or greater shareholders and affiliated entities together beneficially owned approximately 22% of our ordinary shares outstanding as of December 31, 2024.

In order to remain eligible for the tax benefits for a “Preferred Technology Enterprise” we must continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income from the Preferred Technology Enterprise would be subject to regular Israeli corporate tax rates.

In order to remain eligible for the tax benefits for a Preferred Technology Enterprise, we must continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. If these tax benefits are reduced, canceled, or discontinued, our Israeli taxable income from the Preferred Technology Enterprise would be subject to regular Israeli corporate tax rates.

Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks.

Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, malicious access or delivery of ransomware or other malicious software to our customers, AI risks, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks.

In addition, if our subscriptions change, then we may need to revise our pricing strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations and financial condition.

In addition, if our subscriptions change, then we may need to revise our pricing 29 Table of Contents strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations, and financial condition.

In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots and other geo-political unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole.

In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots, and other geopolitical unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole.

If our efforts to sell subscriptions to new customers and to expand deployments with existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer. 29 Table of Contents Further, as we continue to scale our business, a more traditional sales infrastructure could assist in reaching larger enterprise customers and growing our revenue.

If our efforts to sell subscriptions to new customers and to expand deployments with existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer. Further, as we continue to scale our business, a more traditional sales infrastructure could assist in reaching larger enterprise customers and growing our revenue.

Further, any expansion into new geographies may require us to integrate our products with new third-party technology and invest in developing new relationships with providers. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive, or obsolete and our results of operations may be negatively impacted.

Further, any expansion into new geographies may require us to invest in developing new relationships with providers. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive, or obsolete, and our results of operations may be negatively impacted.

Moreover, operating expenses incurred outside the United States and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected.

Moreover, operating expenses incurred outside the U.S. and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected.

While also partners, public cloud providers, such as Amazon Web Services (“AWS”), Microsoft Azure (including Azure DevOps), and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality. • Security point solutions.

As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our software fail to perform as contemplated in such deployments.

As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased contractual liability, scrutiny, loss of revenue or customers, potential reputational risk, or potential liability should our products fail to perform as contemplated in such deployments.

Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on consumer and business spending, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business.

Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on enterprise spending trends, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business.

Subject to prior approval of the IIA, we may transfer the IIA-funded know-how to another Israeli company. If the IIA-funded know-how is transferred to another Israeli entity, the transfer would still require IIA approval but will not be subject to the payment of the redemption fee.

It is difficult to predict exactly when, or even if, we 30 Table of Contents will make a sale to a potential customer or if we can increase sales to our existing customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all.

It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all.

The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we continue to expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase.

The laws of some countries may not be as protective of intellectual property rights as those in the U.S., and mechanisms for enforcement of intellectual property rights may be inadequate. As we continue to expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase.

Furthermore, certain 44 Table of Contents jurisdictions, such as the United Kingdom and France, introduced a digital services tax, which is generally a tax on gross revenue generated from users or customers located in those jurisdictions, and other jurisdictions have enacted or are considering enacting similar laws.

Furthermore, certain jurisdictions, such as the United Kingdom and France, introduced a digital services tax, which is generally a tax on gross digital services revenue generated from users or customers located in those jurisdictions, and other jurisdictions have enacted or are considering enacting similar laws.

Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with the war between Israel and Hamas, the war between Russia and Ukraine, and associated geopolitical tensions and regional instability.

Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine, and other associated geopolitical tensions and regional instability.

A significant natural disaster, such as an earthquake, fire, flood, or significant power outage could have an adverse impact on our business, results of operations, and financial condition. We have a number of our employees and executive officers located in the San Francisco Bay Area, a region known for seismic activity and increasingly, wildfires.

A significant natural disaster, such as an earthquake, fire, flood, or significant power outage could have an adverse impact on our business, results of operations, and financial condition. We have a number of our employees and executive officers located in the San Francisco Bay Area where our U.S. headquarters are located, a region known for seismic activity and increasingly, wildfires.

In addition, our insurance against this liability may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals.

In addition, our insurance against these liabilities may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals.

As a public company listed in the United States, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of the Nasdaq, and other applicable securities rules and regulations.

As a public company listed in the U.S., we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Nasdaq listing requirements and other applicable securities rules and regulations.

If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things: • develop or enhance our products; • continue to expand our research and development and sales and marketing organizations; • acquire complementary technologies, products or businesses; • expand operations in the United States or internationally; • hire, train, and retain employees; or • respond to competitive pressures or unanticipated working capital requirements.

If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things: • develop or enhance our products; • continue to expand our research and development and sales and marketing organizations; • bring our products to market; • acquire complementary technologies, products, or businesses; • expand operations in the U.S. or internationally; • hire, train, and retain employees; or • respond to competitive pressures or unanticipated working capital requirements.

Government certification requirements for products like ours may change, thereby restricting our ability to sell into the U.S. federal government, U.S. state governments, or non-U.S. government sectors 32 Table of Contents until we have attained such revised certification or certifications.

Government certification requirements for products like ours may change, thereby restricting our ability to sell into the U.S. federal government, U.S. state governments, or non-U.S. government sectors until we have attained such revised certification or certifications.

… 287 more changes not shown on this page.

Item 2. Properties

Properties — owned and leased real estate

1 edited+1 added−0 removed1 unchanged

2023 filing

2024 filing

Biggest changeItem 2. Properties We are co-headquartered in Sunnyvale, California and in Netanya, Israel. We lease approximately 49,000 square feet of office space in Sunnyvale under leases expiring through 2026, and approximately 52,000 square feet of office space in Netanya under a lease expiring in 2026. We lease all of our facilities and do not own any real property.

Biggest changeWe lease approximately 49,000 square feet of office space in Sunnyvale under leases expiring through 2026, and approximately 52,000 square feet of office space in Netanya under a lease expiring in 2026. 51 Table of Contents We lease all of our facilities and do not own any real property.

Added

Item 2. Properties We are co-headquartered in Sunnyvale, California and in Netanya, Israel.

Item 3. Legal Proceedings

Legal Proceedings — active lawsuits and investigations

1 edited+0 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeItem 3. Legal Proceedings The information set forth under the heading “Legal Proceedings” in Note 11 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference. Item 4. Mine Safety Disclosures Not applicable. 53 Table of Contents PART II

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

4 edited+0 added−0 removed4 unchanged

2023 filing

2024 filing

Biggest changeHolders of Record As of February 9, 2024, we had 57 holders of record of our Ordinary Shares. The actual number of holders is greater than this number of record holders and includes holders who are beneficial owners but whose shares are held in street name by brokers and other nominees.

Biggest changeHolders of Record As of February 5, 2025, we had 37 holders of record of our Ordinary Shares. The actual number of holders is greater than this number of record holders and includes holders who are beneficial owners but whose shares are held in street name by brokers and other nominees.

The graph below compares the cumulative total stockholder return on our ordinary share from September 16, 2020 (the date our ordinary share commenced trading on the Nasdaq) through December 31, 2023 with the cumulative total return on the S&P 500 Index and the S&P 500 Information Technology Index.

The graph below compares the cumulative total stockholder return on our ordinary share from September 16, 2020 (the date our ordinary share commenced trading on the Nasdaq) through December 31, 2024 with the cumulative total return on the S&P 500 Index and the S&P 500 Information Technology Index.

Item 5. Market for Registrant's Common Equity, Related Shareholder Matters and Issuer Purchases of Equity Securities Market Information for Our Ordinary Shares Our Ordinary Shares has been listed on the Nasdaq Global Select Market (Nasdaq) under the symbol "FROG" since September 16, 2020. Prior to that date, there was no public trading market for our Ordinary Shares.

Item 5. Market for Registrant's Common Equity, Related Shareholder Matters and Issuer Purchases of Equity Securities Market Information for Our Ordinary Shares Our Ordinary Shares has been listed on the Nasdaq Global Select Market (“Nasdaq”) under the symbol “FROG” since September 16, 2020. Prior to that date, there was no public trading market for our Ordinary Shares.

Unregistered Sales of Equity Securities None. 54 Table of Contents Issuer Purchases of Equity Securities None. Item 6. [Reserved]

Unregistered Sales of Equity Securities None. 53 Table of Contents Issuer Purchases of Equity Securities None. Item 6. [Reserved]

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

63 edited+15 added−8 removed31 unchanged

2023 filing

2024 filing

Biggest changeResults of Operations The following tables set forth selected consolidated statements of operations data and such data as a percentage of total revenue for each of the periods indicated: Year Ended December 31, 2023 2022 2021 (in thousands) Revenue: Subscription—self-managed and SaaS $ 330,193 $ 261,452 $ 190,046 License—self-managed 19,693 18,588 16,637 Total subscription revenue 349,886 280,040 206,683 Cost of revenue: Subscription—self-managed and SaaS (1)(2)(3) 76,244 61,407 41,023 License—self-managed (2) 799 880 800 Total cost of revenue—subscription 77,043 62,287 41,823 Gross profit 272,843 217,753 164,860 Operating expenses: Research and development (1)(3) 134,584 121,225 79,604 Sales and marketing (1)(2)(3)(4) 150,675 130,812 96,962 General and administrative (1)(3)(4) 63,132 55,556 56,663 Total operating expenses 348,391 307,593 233,229 Operating loss (75,548 ) (89,840 ) (68,369 ) Interest and other income, net 21,032 5,094 744 Loss before income taxes (54,516 ) (84,746 ) (67,625 ) Income tax expense (benefit) 6,740 5,438 (3,422 ) Net loss $ (61,256 ) $ (90,184 ) $ (64,203 ) 59 Table of Contents _________________________________________ (1) Includes share-based compensation expense as follows: Year Ended December 31, 2023 2022 2021 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 9,784 $ 6,991 $ 4,027 Research and development 32,689 24,664 14,572 Sales and marketing 30,338 22,753 15,256 General and administrative 22,360 14,253 23,094 Total share-based compensation expense $ 95,171 $ 68,661 $ 56,949 (2) Includes amortization expense of acquired intangible assets as follows: Year Ended December 31, 2023 2022 2021 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 9,546 $ 9,543 $ 4,147 Cost of revenue: license—self-managed 799 880 800 Sales and marketing 1,431 1,145 952 Total amortization expense of acquired intangible assets $ 11,776 $ 11,568 $ 5,899 (3) Includes acquisition-related costs as follows: Year Ended December 31, 2023 2022 2021 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 20 $ 25 $ 16 Research and development 7,301 9,610 5,489 Sales and marketing 125 762 463 General and administrative 161 315 1,006 Total acquisition-related costs $ 7,607 $ 10,712 $ 6,974 (4) Includes legal settlement costs as follows: Year Ended December 31, 2023 2022 2021 (in thousands) Sales and marketing $ — $ — $ 2,550 General and administrative — 216 203 Total legal settlement costs $ — $ 216 $ 2,753 60 Table of Contents Year Ended December 31, 2023 2022 2021 Revenue: Subscription—self-managed and SaaS 94 % 93 % 92 % License—self-managed 6 7 8 Total subscription revenue 100 100 100 Cost of revenue: Subscription—self-managed and SaaS 22 22 20 License—self-managed — — — Total cost of revenue—subscription 22 22 20 Gross profit 78 78 80 Operating expenses: Research and development 39 43 39 Sales and marketing 43 47 47 General and administrative 18 20 27 Total operating expenses 100 110 113 Operating loss (22 ) (32 ) (33 ) Interest and other income, net 6 2 — Loss before income taxes (16 ) (30 ) (33 ) Income tax expense (benefit) 2 2 (2 ) Net loss (18 )% (32 )% (31 )% Comparison of the Years Ended December 31, 2023 and 2022 Revenue Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 330,193 $ 261,452 $ 68,741 26 % License—self-managed 19,693 18,588 1,105 6 Total subscription revenue $ 349,886 $ 280,040 $ 69,846 25 % The increase in total subscription revenue for the year ended December 31, 2023 compared to the year ended December 31, 2022 consisted of approximately $64.5 million growth from existing customers and the remaining attributable to new customers.

Biggest changeResults of Operations The following tables set forth selected consolidated statements of operations data and such data as a percentage of total revenue for each of the periods indicated: Year Ended December 31, 2024 2023 2022 (in thousands) Revenue: Subscription—self-managed and SaaS $ 406,903 $ 330,193 $ 261,452 License—self-managed 21,585 19,693 18,588 Total subscription revenue 428,488 349,886 280,040 Cost of revenue: Subscription—self-managed and SaaS (1)(2)(3) 97,758 76,244 61,407 License—self-managed (2) 542 799 880 Total cost of revenue—subscription 98,300 77,043 62,287 Gross profit 330,188 272,843 217,753 Operating expenses: Research and development (1)(3) 160,864 134,584 121,225 Sales and marketing (1)(2)(3) 190,401 150,675 130,812 General and administrative (1)(3)(4) 70,021 63,132 55,556 Total operating expenses 421,286 348,391 307,593 Operating loss (91,098 ) (75,548 ) (89,840 ) Interest and other income, net 25,278 21,032 5,094 Loss before income taxes (65,820 ) (54,516 ) (84,746 ) Income tax expense 3,416 6,740 5,438 Net loss $ (69,236 ) $ (61,256 ) $ (90,184 ) _________________________________________ (1) Includes share-based compensation expense as follows: Year Ended December 31, 2024 2023 2022 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 14,555 $ 9,784 $ 6,991 Research and development 48,192 32,689 24,664 Sales and marketing 47,603 30,338 22,753 General and administrative 20,756 22,360 14,253 Total share-based compensation expense $ 131,106 $ 95,171 $ 68,661 58 Table of Contents (2) Includes amortization expense of acquired intangible assets as follows: Year Ended December 31, 2024 2023 2022 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 13,762 $ 9,546 $ 9,543 Cost of revenue: license—self-managed 542 799 880 Sales and marketing 3,274 1,431 1,145 Total amortization expense of acquired intangible assets $ 17,578 $ 11,776 $ 11,568 (3) Includes acquisition-related costs as follows: Year Ended December 31, 2024 2023 2022 (in thousands) Cost of revenue: subscription–self-managed and SaaS $ 9 $ 20 $ 25 Research and development 3,782 7,301 9,610 Sales and marketing 1,087 125 762 General and administrative 880 161 315 Total acquisition-related costs $ 5,758 $ 7,607 $ 10,712 (4) Includes legal settlement costs as follows: Year Ended December 31, 2024 2023 2022 (in thousands) General and administrative $ — $ — 216 Year Ended December 31, 2024 2023 2022 Revenue: Subscription—self-managed and SaaS 95 % 94 % 93 % License—self-managed 5 6 7 Total subscription revenue 100 100 100 Cost of revenue: Subscription—self-managed and SaaS 23 22 22 License—self-managed — — — Total cost of revenue—subscription 23 22 22 Gross profit 77 78 78 Operating expenses: Research and development 38 39 43 Sales and marketing 44 43 47 General and administrative 16 18 20 Total operating expenses 98 100 110 Operating loss (21 ) (22 ) (32 ) Interest and other income, net 6 6 2 Loss before income taxes (15 ) (16 ) (30 ) Income tax expense 1 2 2 Net loss (16 )% (18 )% (32 )% 59 Table of Contents Comparison of the Years Ended December 31, 2024 and 2023 Revenue Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 406,903 $ 330,193 $ 76,710 23 % License—self-managed 21,585 19,693 1,892 10 Total subscription revenue $ 428,488 $ 349,886 $ 78,602 22 % The increase in total subscription revenue for the year ended December 31, 2024 compared to the year ended December 31, 2023 consisted of approximately $70.3 million growth from existing customers and the remaining attributable to new customers.

While we believe we have a significant market opportunity that our platform addresses, we will need to continue to invest in customer support, sales and marketing, and research and development in order to address this opportunity. Additionally, we believe our products address the software release needs of customers worldwide, and we see international expansion as a major opportunity.

While we believe we have a significant market opportunity that our platform addresses, we will need to continue to invest in customer support, research and development, and sales and marketing in order to address this opportunity. Additionally, we believe our products address the software release needs of customers worldwide, and we see international expansion as a major opportunity.

Subscriptions to our self-managed software include license, support, and upgrades and updates on a when-and-if-available basis. Our SaaS subscriptions provide access to our latest managed version of our product hosted in a public cloud. Subscription—Self-Managed and SaaS Subscription—self-managed and SaaS revenue is generated from the sale of subscriptions for our self-managed software products and revenue from our SaaS subscriptions.

Financing Activities Net cash provided by financing activities of $18.4 million for the year ended December 31, 2023 consisted primarily of proceeds from exercise of share options of $10.0 million and proceeds from employee share purchases under our ESPP of $6.7 million.

Net cash provided by financing activities of $18.4 million for the year ended December 31, 2023 consisted primarily of proceeds from exercise of share options of $10.0 million and proceeds from employee share purchases under our ESPP of $6.7 million.

We have an unwavering commitment to the software developer, security teams, MLOps teams, and IT operator communities, and show this commitment by offering varying forms of free access to our products in addition to the paid subscriptions described above.

Income Tax Expense Income tax expense (benefit) consists primarily of income taxes related to the U.S. and other foreign jurisdictions in which we conduct business. We maintain a full valuation allowance on certain deferred tax assets in Israel as we have concluded that it is not more likely than not that the deferred tax assets will be realized.

Income Tax Expense Income tax expense consists primarily of income taxes related to the U.S. and other foreign jurisdictions in which we conduct business. We maintain a full valuation allowance on deferred tax assets in Israel as we have concluded that it is not more likely than not that the deferred tax assets will be realized.

The changes in operating assets and liabilities were primarily related to an increase of $38.4 million in deferred revenue and an increase of $10.7 million in accrued expense and other liabilities mainly due to higher accrued compensation and benefits, 63 Table of Contents partially offset by an increase of $14.1 million in accounts receivable, an increase of $7.8 million in net deferred contract acquisition costs, and a decrease of $7.7 million in operating lease liabilities primarily as a result of payments.

The changes in operating assets and liabilities were primarily related to an increase of $38.4 million in deferred revenue and an increase of $10.7 million in accrued expense and other liabilities mainly due to higher accrued compensation and benefits, partially offset by an increase of $14.1 million in accounts receivable, an increase of $7.8 million in net deferred contract acquisition costs, and a decrease of $7.7 million in operating lease liabilities primarily as a result of payments.

Purchase obligations represent our commitments primarily for hosting services, software products and services under contracts of 12 months or longer. Obligations under contracts that we can cancel without a significant penalty are not included in the table above. We believe we will have sufficient liquidity from our operations to fulfill the commitments.

Purchase obligations represent our commitments primarily for hosting services, software products and services under contracts with remaining terms of 12 months or longer. Obligations under contracts that we can cancel without a significant penalty are not included in the table above. We believe we will have sufficient liquidity from our operations to fulfill the commitments.

General and Administrative General and administrative expenses primarily consist of personnel-related expenses, share-based compensation expenses, associated primarily with our finance, legal, human resources and other operational and administrative functions, professional fees for external legal, accounting and other consulting services, directors and officer’s insurance expenses, and allocated overhead.

General and Administrative General and administrative expenses primarily consist of personnel-related expenses, share-based compensation expenses, associated primarily with our finance, legal, human resources and other operational and administrative functions, professional 57 Table of Contents fees for external legal, accounting and other consulting services, directors and officer’s insurance expenses, and allocated overhead.

We then calculate the contracted ARR from these Base Customers in the last month of the same quarter of the subsequent year (the “Comparison Quarter”). This calculation captures upsells, contraction, and attrition since the Base Quarter. We then divide total Comparison Quarter ARR by total Base Quarter ARR for Base Customers.

We then calculate the contracted ARR from these Base Customers in the last month of the same quarter of the subsequent year (the “Comparison Quarter”). This calculation captures 55 Table of Contents upsells, contraction, and attrition since the Base Quarter. We then divide total Comparison Quarter ARR by total Base Quarter ARR for Base Customers.

We will continue to expand our strategic team to 56 Table of Contents identify new use cases and drive expansion and standardization on JFrog within our largest customers, to maintain engineering-level customer support, and to introduce new products and features that are responsive to our customers’ needs. We quantify our expansion across existing customers through our net dollar retention rate.

We will continue to expand our strategic team to identify new use cases and drive expansion and standardization on JFrog within our largest customers, to maintain engineering-level customer support, and to introduce new products and features that are responsive to our customers’ needs. We quantify our expansion across existing customers through our net dollar retention rate.

The following section generally discusses our financial condition and results of operations for the year ended December 31, 2023 compared to the year ended December 31, 2022.

The following section generally discusses our financial condition and results of operations for the year ended December 31, 2024 compared to the year ended December 31, 2023.

Acquiring New Customers We believe there is a significant opportunity to grow the number of customers that use our platform. As of December 31, 2023, approximately 32% of the Forbes Global 2000 were our customers. Our results of operations and growth prospects will depend in part on our ability to attract new customers.

Acquiring New Customers We believe there is a significant opportunity to grow the number of customers that use our platform. As of December 31, 2024, approximately 32% of the Forbes Global 2000 were our customers. Our operating results and growth prospects will depend in part on our ability to attract new customers.

A discussion regarding our financial condition and results of operations for the year ended December 31, 2022 compared to the year ended December 31, 2021 can be found in Part II, Item 7 of our 2022 Annual Report on Form 10‐K, filed with the SEC on February 9, 2023.

A discussion regarding our financial condition and results of operations for the year ended December 31, 2023 compared to the year ended December 31, 2022 can be found in Part II, Item 7 of our 2023 Annual Report on Form 10‐K, filed with the SEC on February 15, 2024.

Our net dollar retention rate may fluctuate as a result of a number of factors, including the level of penetration within our customer base, expansion of products and features, and our ability to retain our customers. As of December 31, 2023 and 2022, our net dollar retention rate was 119% and 128%, respectively.

Our net dollar retention rate may fluctuate as a result of a number of factors, including the level of penetration within our customer base, expansion of products and features, and our ability to retain our customers. As of December 31, 2024 and 2023, our net dollar retention rate was 116% and 119%, respectively.

Revenue from Enterprise Plus subscription represented approximately 46% of our total revenue for the year ended December 31, 2023, compared to approximately 38% for the year ended December 31, 2022. The growth in revenue from our Enterprise Plus subscription demonstrates the increased demand for our end-to-end solutions for customers’ entire software supply chain management.

Revenue from Enterprise Plus subscription represented approximately 51% of our total revenue for the year ended December 31, 2024, compared to approximately 46% for the year ended December 31, 2023. The growth in revenue from our Enterprise Plus subscription demonstrates the increased demand for our end-to-end solutions for customers’ entire software supply chain management.

We expect that our research and development expenses will 58 Table of Contents continue to increase as we increase our research and development headcount to further strengthen and enhance our products and invest in the development of our software.

We expect that our research and development expenses will continue to increase as we increase our research and development headcount to further strengthen and enhance our products and invest in the development of our software.

Revenue from SaaS subscriptions contributed 34% of our total revenue for the year ended December 31, 2023, compared to 28% for the year ended December 31, 2022. Our self-managed subscriptions are offered on an annual and multi-year basis, and our SaaS subscriptions are offered on a monthly, annual, and multi-year basis.

Revenue from SaaS subscriptions contributed 39% of our total revenue for the year ended December 31, 2024, compared to 34% for the year ended December 31, 2023. Our self-managed subscriptions are offered on an annual and multi-year basis, and our SaaS subscriptions are offered on a monthly, annual, and multi-year basis.

All of the top 10 technology organizations, 9 of the top 10 financial services organizations, 9 of the top 10 retail organizations, 9 of the top 10 healthcare organizations, and all of the top 6 telecommunications organizations in the Fortune 500 have adopted the JFrog platform, embarking on their journey towards Liquid Software.

All of the top 10 technology organizations and top 10 financial services organizations, 8 of the top 10 retail organizations, 8 of the top 10 healthcare organizations, and all of the top 5 telecommunications organizations in the Fortune 500 have adopted the JFrog platform, embarking on their journey towards Liquid Software.

We continued to invest in our business and had net loss of $61.3 million and $90.2 million for the years ended December 31, 2023 and 2022, respectively.

We continued to invest in our business and had net loss of $69.2 million and $61.3 million for the years ended December 31, 2024 and 2023, respectively.

Factors Affecting Our Performance We believe that our future performance will depend on many factors, including the following: Extending Our Technology Leadership We intend to continue to enhance our platform by developing new products and expanding the functionality of existing products to maintain our technology leadership.

Factors Affecting Our Performance We believe that our future performance will depend on many factors, including the following: Extending Our Technology Leadership We intend to continue to enhance our hybrid, universal, end-to-end software supply chain platform by developing new products and expanding the functionality of existing products to maintain our technology leadership.

We expect our net dollar retention rate to stabilize around current levels. We focus on growing the number of large customers as a measure of our ability to scale with our customers and attract larger organizations to adopt our products.

We expect our net dollar retention rate to remain relatively stable, with minor fluctuations around current levels. We focus on growing the number of large customers as a measure of our ability to scale with our customers and attract larger organizations to adopt our products.

To determine the standalone selling price for each performance obligation, we use observable standalone sales where available. In instances where observable standalone sales are not available, our estimate of the standalone selling price requires judgment. We consider multiple factors including market conditions, pricing strategies, the economic life of the software, and other observable inputs.

In instances where observable standalone sales are not available, our estimate of the standalone selling price requires judgment. We consider multiple factors including market conditions, pricing strategies, the economic life of the software, and other observable inputs.

This 55 Table of Contents free access takes the form of free trials and open source software, and helps generate demand for our paid offerings within the software developer, security and IT operator communities. We generated revenue of $349.9 million and $280.0 million for the years ended December 31, 2023 and 2022, respectively, representing year-over-year growth rate of 25%.

This free access takes the form of free trials and open source software, and helps generate demand for our paid offerings within the software developer, security and IT operator communities. 54 Table of Contents We generated revenue of $428.5 million and $349.9 million for the years ended December 31, 2024 and 2023, respectively, representing year-over-year growth rate of 22%.

As of December 31, 2023, 886 of our customers had ARR of $100,000 or more, increasing from 736 customers as of December 31, 2022. We had 37 customers with ARR of at least $1.0 million as of December 31, 2023, increasing from 19 customers as of December 31, 2022.

As of December 31, 2024, 1,018 of our customers had ARR of $100,000 or more, increasing from 886 customers as of December 31, 2023. We had 52 customers with ARR of at least $1.0 million as of December 31, 2024, increasing from 37 customers as of December 31, 2023.

The increase was primarily attributable to an increase of $9.1 million in third-party hosting costs primarily driven by increased revenue from SaaS subscriptions, an increase of $2.8 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below, and an increase of $1.8 million in personnel-related expenses mainly as a result of increased headcount.

The increase was primarily attributable to an increase of $9.9 million in third-party hosting costs primarily driven by increased revenue from SaaS subscriptions, an increase of $4.8 million in personnel-related expenses mainly as a result of increased headcount, an increase of $4.8 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below, and an increase of $4.0 million in intangible amortization mainly as a result of our acquisition of Qwak AI Ltd.

As of the date of this Annual Report on Form 10-K, there has been no major interruption or material adverse impact on our operating results. We will continue to monitor the situation as it progresses.

While certain of our employees and consultants have been called into military service, there has been no major interruption or material adverse impact on our operating results as of the date of this Annual Report on Form 10-K. We will continue to monitor the situation as it progresses.

Some of the limitations of free cash flow are that this metric does not reflect our future contractual commitments and may be calculated differently by other companies in our industry, limiting its usefulness as a comparative measure. We expect our free cash flow to fluctuate in future periods as we invest in our business to support our plans for growth.

We have designed our subscription structure and go-to-market strategy to align our growth with the success of our customers. Our business model benefits from our ability to serve the needs of all customers, from individual software developers, security teams, and IT operators to the largest organizations, in a value-oriented manner. We generate revenue from the sale of subscriptions to customers.

Our business model benefits from our ability to serve the needs of all customers, from individual software developers, security teams, MLOps teams, and IT operators to the largest organizations, in a value-oriented manner. We generate revenue from the sale of subscriptions to customers.

The increase was primarily attributable to an increase of $8.0 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below, an increase of $4.8 million in personnel-related expenses mainly as a result of increased headcount, and an increase of $1.8 million in costs of development environments and tools, partially offset by a decrease of $2.1 million in compensation expense associated with holdback and retention arrangements from our acquisitions in 2021.

The increase was primarily attributable to an increase of $15.5 million in share-based compensation expense, an increase of $9.0 million in personnel-related expenses mainly as a result of increased headcount, and an increase of $3.0 million in costs of development environments and tools, partially offset by a decrease of $3.6 million in compensation expense associated with holdback and retention arrangements from our acquisitions.

We expect our free cash flow to fluctuate in future periods as we invest in our business to support our plans for growth. 57 Table of Contents The following table summarizes our cash flows for the periods presented and provides a reconciliation of net cash from operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow, a non-GAAP financial measure, for each of the periods presented: Year Ended December 31, 2023 2022 2021 (in thousands) Net cash provided by operating activities $ 74,155 $ 21,425 $ 27,902 Less: purchases of property and equipment (1,982 ) (4,328 ) (4,228 ) Free cash flow $ 72,173 $ 17,097 $ 23,674 Net cash used in investing activities $ (53,476 ) $ (53,338 ) $ (125,545 ) Net cash provided by financing activities $ 18,371 $ 11,027 $ 1,444 Components of Results of Operations Revenue Our revenues are comprised of revenue from self-managed subscriptions and SaaS subscriptions.

The following table summarizes our cash flows for the periods presented and provides a reconciliation of net cash from operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow, a non-GAAP financial measure, for each of the periods presented: Year Ended December 31, 2024 2023 2022 (in thousands) Net cash provided by operating activities $ 110,924 $ 74,155 $ 21,425 Less: purchases of property and equipment (3,143 ) (1,982 ) (4,328 ) Free cash flow $ 107,781 $ 72,173 $ 17,097 Net cash used in investing activities $ (165,356 ) $ (53,476 ) $ (53,338 ) Net cash provided by financing activities $ 21,231 $ 18,371 $ 11,027 56 Table of Contents Components of Results of Operations Revenue Our revenues are comprised of revenue from self-managed subscriptions and SaaS subscriptions.

The second pillar revolves around technology to support continuity of our services, security, cyber defense, and research and development. The third pillar is dedicated to our external-facing activities to promote continuity of customer engagements, support and external communication.

The first pillar is our internal plan focused on the safety of our employees in Israel and maintaining internal communication channels. The second pillar revolves around technology to support continuity of our services, security, cyber defense, and research and development. The third pillar is dedicated to our external-facing activities to promote continuity of customer engagements, support and external communication.

Net cash provided by financing activities of $11.0 million for the year ended December 31, 2022 consisted primarily of proceeds from exercise of share options of $5.9 million and proceeds from employee share purchases under our ESPP of $5.2 million.

Financing Activities Net cash provided by financing activities of $21.2 million for the year ended December 31, 2024 consisted primarily of proceeds from exercise of share options of $10.4 million and proceeds from employee share purchases under our ESPP of $8.7 million.

Expanding Usage by Existing Customers We believe that there is a significant opportunity for growth with many of our existing customers. Many customers purchase our products through self-service channels and often materially expand their usage over time.

We intend to expend additional resources in the future to continue introducing new products, features, and functionality. Expanding Usage by Existing Customers We believe that there is a significant opportunity for growth with many of our existing customers. Many customers purchase our products through self-service channels and often materially expand their usage over time.

Net cash used in investing activities of $53.3 million for the year ended December 31, 2022 consisted primarily of net purchase of short-term investments of $48.5 million and capital expenditure of $4.3 million.

Net cash used in investing activities of $53.5 million for the year ended December 31, 2023 consisted primarily of net purchase of short-term investments of $51.5 million.

The following table summarizes our cash flows for the periods presented: Year Ended December 31, 2023 2022 (in thousands) Net cash provided by operating activities $ 74,155 $ 21,425 Net cash used in investing activities $ (53,476 ) $ (53,338 ) Net cash provided by financing activities $ 18,371 $ 11,027 Operating Activities Net cash provided by operating activities of $74.2 million for the year ended December 31, 2023 was primarily related to our net loss of $61.3 million, adjusted for non-cash charges of $112.1 million, including share-based compensation expense of $95.2 million and depreciation and amortization of $15.3 million, and changes in our operating assets and liabilities of $23.3 million.

The following table summarizes our cash flows for the periods presented: Year Ended December 31, 2024 2023 (in thousands) Net cash provided by operating activities $ 110,924 $ 74,155 Net cash used in investing activities $ (165,356 ) $ (53,476 ) Net cash provided by financing activities $ 21,231 $ 18,371 Operating Activities Net cash provided by operating activities of $110.9 million for the year ended December 31, 2024 was primarily related to our net loss of $69.2 million, adjusted for non-cash charges of $155.0 million, including share-based compensation expense of $131.1 million and depreciation and amortization of $21.5 million, and changes in our operating assets and liabilities of $25.1 million.

License revenue is recognized upfront when the software license is made available to our customer. Cost of Revenue Subscription—Self-Managed and SaaS Cost of subscription—self-managed and SaaS revenue primarily consists of expenses related to providing support to our customers and cloud-related costs, such as hosting and managing costs.

Cost of Revenue Subscription—Self-Managed and SaaS Cost of subscription—self-managed and SaaS revenue primarily consists of expenses related to providing support to our customers and cloud-related costs, such as hosting and managing costs.

Israel-Hamas War On October 7, 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and conducted a series of terror attacks on civilian and military targets.

Middle East Conflict On October 7, 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and conducted a series of terror attacks on civilian and military targets. Following the attack, Israel’s security cabinet declared war against Hamas and commenced a military campaign against these terrorist organizations.

The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales. Investing Activities Net cash used in investing activities of $53.5 million for the year ended December 31, 2023 consisted primarily of net purchase of short-term investments of $51.5 million.

The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales. 62 Table of Contents Investing Activities Net cash used in investing activities of $165.4 million for the year ended December 31, 2024 consisted primarily of payments for the Qwak acquisition of $156.7 million, net of cash acquired, and net purchases of short-term investments of $5.5 million.

Income Tax Expense Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Income tax expense (benefit) $ 6,740 $ 5,438 $ 1,302 24 % Effective income tax rate (12 )% (6 )% Our effective tax rate is affected primarily by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, as well as non-deductible expenses, such as share-based compensation, and changes in our valuation allowance.

Income Tax Expense Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Income tax expense $ 3,416 $ 6,740 $ (3,324 ) (49 )% Effective income tax rate (5 )% (12 )% Our effective tax rate is affected primarily by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, non-deductible expenses, excess tax benefits from share-based compensation awards, and changes in our 61 Table of Contents valuation allowance.

Revenue Recognition Revenue is recognized when a customer obtains control of promised goods or services are delivered. The amount of revenue recognized reflects the consideration that we expect to receive in exchange for these goods or services. Our contracts may contain multiple performance obligations, each of which is separately accounted for as a distinct performance obligation.

The amount of revenue recognized reflects the consideration that we expect to receive in exchange for these goods or services. Our contracts may contain multiple performance obligations, each of which is separately accounted for as a distinct performance obligation. To determine the standalone selling price for each performance obligation, we use observable standalone sales where available.

Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt. We believe our existing cash, cash equivalents, and short-term investments, together with cash provided by operations, will be sufficient to meet our needs for the next 12 months, as well as in the long-term.

We believe our existing cash, cash equivalents, and short-term investments, together with cash provided by operations, will be sufficient to meet our needs for the next 12 months, as well as in the long-term.

Net cash provided by operating activities of $21.4 million for the year ended December 31, 2022 was primarily related to our net loss of $90.2 million, adjusted for non-cash charges of $94.8 million, including share-based compensation expense of $68.7 million and depreciation and amortization of $14.7 million, and changes in our operating assets and liabilities of $16.8 million.

Net cash provided by operating activities of $74.2 million for the year ended December 31, 2023 was primarily related to our net loss of $61.3 million, adjusted for non-cash charges of $112.1 million, including share-based compensation expense of $95.2 million and depreciation and amortization of $15.3 million, and changes in our operating assets and liabilities of $23.3 million.

Sales and Marketing Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Sales and marketing $ 150,675 $ 130,812 $ 19,863 15 % Sales and marketing expense increased for the year ended December 31, 2023 compared to the year ended December 31, 2022.

Sales and Marketing Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Sales and marketing $ 190,401 $ 150,675 $ 39,726 26 % Sales and marketing expense increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

General and Administrative Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) General and administrative $ 63,132 $ 55,556 $ 7,576 14 % General and administrative expense increased for the year ended December 31, 2023 compared to the year ended December 31, 2022.

General and Administrative Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) General and administrative $ 70,021 $ 63,132 $ 6,889 11 % General and administrative expense increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

Our effective tax rate is affected by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, as well as non-deductible expenses, such as share-based compensation, and changes in our valuation allowance.

We may recognize tax benefits from the release of valuation allowance in connection with acquisitions that create deferred tax liabilities. Our effective tax rate is affected by tax rates in foreign jurisdictions and the relative amounts of income we earn in those jurisdictions, non-deductible expenses, excess tax benefits from share-based compensation awards, and changes in our valuation allowance.

We believe our judgments and estimates associated with the determination of standalone selling price for each performance obligation in revenue recognition and accounting for income taxes, which we discuss further below, could have a material impact on our consolidated financial statements. 64 Table of Contents Please see Notes to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K for a summary of significant accounting policies and the effect on our financial statements.

We believe our judgments and estimates associated with the determination of standalone selling price for each performance obligation in revenue recognition, accounting for business combinations, and accounting for income taxes, which we discuss further below, could have a material impact on our consolidated financial statements.

Contractual Obligations The following table summarizes our non-cancellable contractual obligations as of December 31, 2023: Payments Due by Period Total Short-term Long-term (in thousands) Operating lease obligations $ 23,383 $ 8,895 $ 14,488 Purchase obligations 32,687 16,346 16,341 Total $ 56,070 $ 25,241 $ 30,829 The contractual commitment amounts in the table above are associated with agreements that are enforceable and legally binding.

Contractual Obligations The following table summarizes our non-cancellable contractual obligations as of December 31, 2024: Payments Due by Period Total Short-term Long-term (in thousands) Operating lease obligations $ 14,552 $ 8,138 $ 6,414 Purchase obligations 49,058 16,407 32,651 Total $ 63,610 $ 24,545 $ 39,065 The contractual commitment amounts in the table above are associated with agreements that are enforceable and legally binding.

Cost of Revenue and Gross Margin Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 76,244 $ 61,407 $ 14,837 24 % License—self-managed 799 880 (81 ) (9 ) Total cost of revenue—subscription $ 77,043 $ 62,287 $ 14,756 24 % Gross margin 78 % 78 % Total cost of revenue increased for the year ended December 31, 2023 compared to the year ended December 31, 2022.

Cost of Revenue and Gross Margin Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Subscription—self-managed and SaaS $ 97,758 $ 76,244 $ 21,514 28 % License—self-managed 542 799 (257 ) (32 ) Total cost of revenue—subscription $ 98,300 $ 77,043 $ 21,257 28 % Gross margin 77 % 78 % Total cost of revenue increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

We maintain a comprehensive business continuity plan and have taken the necessary steps in line with such plan, in an effort to ensure that our operations and service to our customers remain consistent, in light of certain employees drafted as reservists in the war between Hamas and Israel.

We have activated and maintained a comprehensive three-pillar business continuity plan and have taken the necessary steps which we believe are in line with such plan, in an effort to ensure that our operations and service to our customers remain consistent.

The increase was primarily attributable to an increase of $7.6 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below, an increase of $5.9 million in personnel-related expenses mainly as a result of increased headcount, and an increase of $5.6 million in commissions mainly from amortization of deferred contract acquisition costs.

The increase was primarily attributable to an increase of $17.3 million in share-based compensation expense, an increase of $13.6 60 Table of Contents million in personnel-related expenses mainly as a result of increased headcount, an increase of $2.7 million in allocated overhead costs, and an increase of $2.6 million in commissions.

The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales.

The increases in deferred revenue, accounts receivable, and deferred contract acquisition costs were driven by higher sales. The changes in prepaid expenses and other assets and accounts payable were mainly due to timing of payments.

The changes in operating assets and liabilities were primarily related to an increase in deferred revenue of $28.6 million and a decrease in prepaid expenses and other assets of $9.3 million primarily due to the one-time acquisition holdback payments in 2021, partially offset by an increase in accounts receivable of $11.2 million, a decrease of $9.1 million in operating lease liabilities primarily as a result of payments, and an increase of $7.2 million in net deferred contract acquisition costs related to capitalized commissions.

These inflows were partially offset by an increase of $13.5 million in accounts receivable, an increase of $12.1 million in net deferred contract acquisition costs, a decrease of $8.1 million in operating lease liabilities as a result of payments, an increase of $7.8 million in prepaid expenses and other assets, and a decrease of $7.3 million in accounts payable.

We believe that these integrations increase the value of our platform to our customers, as they provide freedom of choice for software developers, security and IT operators and help avoid vendor lock-in. We intend to expend additional resources in the future to continue introducing new products, features, and functionality.

We invest heavily in integrating our products with the major package technologies so that our products can be easily adopted in any development environment. We believe that these integrations increase the value of our platform to our customers, as they provide freedom of choice for software developers, security teams, and IT operators and help avoid vendor lock-in.

Gross margin remained consistent for the year ended December 31, 2023 compared to the year ended December 31, 2022. 61 Table of Contents Operating Expenses Research and Development Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Research and development $ 134,584 $ 121,225 $ 13,359 11 % Research and development expense increased for the year ended December 31, 2023 compared to the year ended December 31, 2022.

Operating Expenses Research and Development Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Research and development $ 160,864 $ 134,584 $ 26,280 20 % Research and development expense increased for the year ended December 31, 2024 compared to the year ended December 31, 2023.

For subscriptions to our self-managed software products, revenue is recognized ratably over the subscription term. For our SaaS subscriptions, revenue is recognized based on usage as the usage occurs over the contract period. License—Self-Managed The license component of our self-managed subscriptions reflects the revenue recognized by providing customers with access to proprietary software features.

License—Self-Managed The license component of our self-managed subscriptions reflects the revenue recognized by providing customers with access to proprietary software features. License revenue is recognized upfront when the software license is made available to our customer.

The increase was primarily attributable to an increase of $8.1 million in share-based compensation expense as discussed in the section titled “ Share-Based Compensation Expense ” below and an increase of $1.6 million in personnel-related expenses mainly as a result of increased headcount, partially offset by a decrease of $1.9 million in professional fees for recruiting, accounting and other services.

The increase was primarily attributable to an increase of $5.1 million in personnel-related expenses mainly as a result of increased headcount and an increase of $2.7 million in professional fees mainly related to legal and recruiting services.

We may also use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately. The standalone selling price is reassessed periodically or when facts and circumstances change. Income taxes We are subject to income taxes in Israel, the U.S., and other foreign jurisdictions.

We may also use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately.

Such employees may be absent for an extended period of time. Accordingly, we have taken steps to mitigate the effects of the war between Hamas and Israel on our business and results of operations. Although we are domiciled in Israel, we are a global, cloud-based company, with operations spanning numerous countries with redundant infrastructure and code located outside of Israel.

Although we are domiciled in Israel, we are a global, cloud-based company, with operations spanning numerous countries with redundant infrastructure and code located outside of Israel.

Share-based Compensation Expense Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Cost of revenue: subscription–self-managed and SaaS $ 9,784 $ 6,991 $ 2,793 40 % Research and development 32,689 24,664 8,025 33 Sales and marketing 30,338 22,753 7,585 33 General and administrative 22,360 14,253 8,107 57 Total share-based compensation expense $ 95,171 $ 68,661 $ 26,510 39 % The increase in share-based compensation expenses for the year ended December 31, 2023 compared to the year ended December 31, 2022 was primarily attributable to grants to new and existing employees. 62 Table of Contents Interest and Other Income, Net Year Ended December 31, 2023 2022 $ Change % Change (in thousands, except percentages) Interest and other income, net $ 21,032 $ 5,094 $ 15,938 313 % Interest and other income, net increased for the year ended December 31, 2023 compared to the year ended December 31, 2022, primarily due to higher interest income as a result of higher interest rates on our deposits and marketable securities.

Share-based Compensation Expense Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Cost of revenue: subscription–self-managed and SaaS $ 14,555 $ 9,784 $ 4,771 49 % Research and development 48,192 32,689 15,503 47 Sales and marketing 47,603 30,338 17,265 57 General and administrative 20,756 22,360 (1,604 ) (7 ) Total share-based compensation expense $ 131,106 $ 95,171 $ 35,935 38 % The increase in share-based compensation expenses for the year ended December 31, 2024 compared to the year ended December 31, 2023 was primarily attributable to grants to new and existing employees.

For the year ended December 31, 2023, our 10 largest customers represented approximately 7% of our total revenue and no single customer accounted for more than 1% of our total revenue. For the year ended December 31, 2023, 38% of our revenue was generated from customers outside of the United States.

For the year ended December 31, 2024, our 10 largest customers represented approximately 8% of our total revenue and 40% of our revenue was generated from customers outside of the United States. We have designed our subscription structure and go-to-market strategy to align our growth with the success of our customers.

Our principal uses of cash in recent periods have been funding our operations, investing in capital expenditures, and business and asset acquisitions. As of December 31, 2023, our principal sources of liquidity were cash, cash equivalents, and short-term investments of $545.0 million. Cash and cash equivalents primarily consist of cash in banks and money market funds.

As of December 31, 2024, our principal sources of liquidity were cash, cash equivalents, and short-term investments of $522.0 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt.

See Note 14, Income Taxes , to the Consolidated Financial Statements for further information on the provision for income taxes. Liquidity and Capital Resources Since our inception, we have financed our operations primarily through sales of equity securities and cash generated from operations.

See Note 14, Income Taxes , to the Consolidated Financial Statements for further information on the provision for income taxes.

Removed

Overview JFrog’s vision is to power a world of continuously updated, secure, trusted software – we call this Liquid Software. We provide an end-to-end, hybrid, universal Software Supply Chain Platform that enables organizations to continuously and securely create and deliver software updates across any system.

Added

Overview JFrog provides a hybrid, universal, end-to-end software supply chain platform for delivering trusted, secure software updates from code to production.

Removed

This platform is the critical bridge between software development and deployment of that software, paving the way for modern software supply chain management and software release processes. We enable organizations to build and release software faster and more securely while empowering developers, security teams and machine learning operation teams to be more efficient.

Added

Our goal is to function as the single source of truth for an organization’s software footprint, bridging digital gaps between developers, security teams, machine learning engineers, data scientists, and other business units to empower a world of always-on, always-current software which we refer to as “Liquid Software.” As of December 31, 2024, we had a global customer base of approximately 7,300 organizations across all industries and sizes, including approximately 82% of Fortune 100 organizations.

Removed

As of December 31, 2023, we had a global customer base of approximately 7,400 organizations across all industries and sizes, including approximately 83% of Fortune 100 organizations, increasing from approximately 7,200 organizations as of December 31, 2022.

Added

Since the commencement of these events, there have been additional active hostilities, including with Hezbollah in Lebanon, Iran, and most recently, the Houthi movement which controls parts of Yemen.

Removed

Following the attack, Israel’s security cabinet declared war against Hamas and a military campaign against these terrorist organizations commenced in parallel with continued rocket and terror attacks from Hamas.

Added

The conflict has recently expanded into Lebanon and though ceasefires have been reached with Hamas in Gaza and Hezbollah in Lebanon, it is possible that hostilities will resume without warning and escalate into a greater regional conflict, and that additional terrorist organizations and countries could actively join the hostilities.

Removed

In connection with the Israeli security cabinet’s war declaration against Hamas and possible hostilities with other organizations, several hundred thousand Israeli military reservists were drafted by the Israel Defense Forces to perform immediate military service. Certain of our employees and consultants in Israel have been called and additional employees may be called as the conflict progresses.

Added

For subscriptions to our self-managed software products, revenue is recognized ratably over the subscription term. For our SaaS subscriptions, revenue is recognized ratably over each commitment period within the subscription term, based on minimum usage commitments and any excess usage in the corresponding commitment period.

Removed

Our business continuity plan is structured around three pillars and was activated on October 7, 2023, hours after the attack on Israel. The first pillar is our internal plan focused on the safety of our employees in Israel and maintaining internal communication channels.

Added

(“Qwak”) in July 2024, partially offset by a decrease of $2.5 million in costs associated with software and subscription costs. Gross margin slightly decreased for the year ended December 31, 2024 compared to the year ended December 31, 2023, reflecting a shift in our revenue mix, as SaaS subscriptions, which incur higher hosting costs, contributed to a lower overall margin.

Removed

Today, with JFrog Artifactory at its center, our platform is comprised of additional security solutions and the connected device management solution. We have continued to invest in innovation and introduce new products and capabilities.

Added

Additionally, in 2024, we recognized $5.2 million share-based compensation expense primarily in research and development, related to Qwak acquisition holdback ordinary shares and replacement RSUs.

Removed

For instance, in July 2023, we released JFrog Curation, a solution that prevents malicious open source or third-party software packages and their respective dependencies from entering an organization’s software development environment. We invest heavily in integrating our products with the major package technologies so that our products can be easily adopted in any development environment.

Added

Interest and Other Income, Net Year Ended December 31, 2024 2023 $ Change % Change (in thousands, except percentages) Interest and other income, net $ 25,278 $ 21,032 $ 4,246 20 % Interest and other income, net increased for the year ended December 31, 2024 compared to the year ended December 31, 2023, primarily due to higher interest income as a result of higher interest rates on our deposits and marketable securities.

Added

Income tax expense decreased for the year ended December 31, 2024 compared to the year ended December 31, 2023 primarily due to higher excess tax benefits from share-based compensation awards and a discrete tax benefit in Israel attributable to the release of valuation allowance as a result of recognizing deferred tax liabilities associated with the Qwak acquisition.

… 6 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

8 edited+2 added−0 removed6 unchanged

2023 filing

2024 filing

Biggest changeAs of December 31, 2023, our cash, cash equivalents, restricted cash, and short-term investments were primarily denominated in U.S. dollars. A 10% adverse change in current exchange rates would not have materially affected our cash, cash equivalents, restricted cash, and short-term investment balances as of December 31, 2023.

Biggest changeA 10% adverse change in current exchange rates would not have materially affected our cash, cash equivalents, restricted cash, and short-term investment balances as of December 31, 2024. Interest Rate Risk As of December 31, 2024, we had cash and cash equivalents of $49.9 million, and short-term investments of $472.1 million.

This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Since the beginning of the war between Israel and Hamas, the volatility of NIS against the U.S. dollar has not materially affected the results of our business.

This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Since the beginning of the war between Israel, Hamas and Hezbollah, the volatility of NIS against the U.S. dollar has not materially affected the results of our business.

However, if our costs, in particular labor, sales and marketing, and hosting costs, were to become subject to inflationary pressures, we might not be able to fully offset such higher costs through price increases. Our inability or failure to do so could harm our business, financial condition, and results of operations. 66 Table of Contents

Changes in interest rates affect the interest earned on our cash and cash equivalents and marketable securities, and the market value of those securities. A hypothetical 1% increase in interest rates would not have had a material impact on their fair value as of December 31, 2023.

Our cash, cash equivalents, and short-term investments are held for working capital purposes. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash. We do not enter into investments for trading or speculative purposes. Such interest-earning instruments carry a degree of interest rate risk.

The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash. We do not enter into investments for trading or speculative purposes. Such interest-earning instruments carry a degree of interest rate risk.

The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business, after considering our hedging programs, would not have had a material impact on our results of operations for the years ended December 31, 2023, 2022, and 2021, respectively. 65 Table of Contents Our derivatives expose us to credit risk to the extent that the counterparties may be unable to meet the terms of the agreement.

Interest Rate Risk As of December 31, 2023, we had cash and cash equivalents of $84.8 million, and short-term investments of $460.2 million. Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt.

Cash and cash equivalents primarily consist of cash in banks and money market funds. Short-term investments generally consist of bank deposits, certificates of deposit, commercial paper, corporate debt securities, municipal securities, and government and agency debt. Our cash, cash equivalents, and short-term investments are held for working capital purposes.

We seek to mitigate such risk by limiting our counterparties to major financial institutions and by spreading the risk across a number of major financial institutions. However, failure of one or more of these financial institutions is possible and could result in incurred losses.

We seek to mitigate such risk by limiting our counterparties to major financial institutions, spreading the risk across a number of major financial institutions, and closely monitoring rating downgrades.

Added

Our derivatives expose us to credit risk to the extent that the counterparties may be unable to meet the terms of the agreement. In addition, the financial institutions with which we have foreign currency contracts are primarily located in Israel, exposing us to risks related to the country's economic standing which may affect credit ratings.

Added

However, failure of one or more of these financial institutions is possible and could result in incurred losses. 64 Table of Contents As of December 31, 2024, our cash, cash equivalents, restricted cash, and short-term investments were primarily denominated in U.S. dollars.

Top changes in JFrog Ltd's 2024 10-K

Item 1. Business

Item 1A. Risk Factors

Item 2. Properties

Item 3. Legal Proceedings

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other FROG 10-K year-over-year comparisons