Go from installer to first completed audit with the shortest safe path: EULA, trial, vault, workspace validation, zone discovery, scan execution, and findings review.
- Install sequence and first launch
- Trial activation and EULA acceptance
- Workspace validation and first scan
- Finding review baseline
Quickstart
Before you start
You need:
- a supported desktop OS
- a Cloudflare API token with read-oriented access for the surfaces you want to audit
- at least one account or zone you are allowed to inspect
If the token cannot access a surface, CF Guard Desk will report the gap instead of pretending the surface is clean.
Install the app
- Download the build for your platform from the public download page.
- Install the app.
- Launch it.
On Windows, WebView2 must be present. On macOS, unsigned beta builds may require the documented Terminal step. On Linux, prefer the native package for your distro before falling back to AppImage.
Accept the EULA and start the trial
On first launch:
- Accept the EULA.
- Confirm the local trial state.
- Continue into the vault setup flow.
The 7-day trial unlocks the full Pro workflow immediately.
Create the vault and workspace
- Create a local vault passphrase.
- Unlock the vault.
- Create a workspace for the environment or client you are auditing.
Use a separate workspace when you want clean separation between clients, staging and production, or internal and external environments.
Validate the Cloudflare connection
Add the Cloudflare API token and run validation.
Validation should confirm:
- the token is structurally valid
- the app can reach Cloudflare
- capabilities are discoverable
- zones can be listed if the token scope allows it
Run the first scan
For the first pass, use Quick Scan.
After the first Quick Scan:
- Open the dashboard.
- Check posture score and severity breakdown.
- Open the findings explorer.
- Confirm at least one finding or explicit visibility statement exists.
- Move to Full Audit when you need exportable evidence.