Quickstart: Foundry CLI

Learn how to create a basic “Hello World” app with the Foundry CLI. This guide walks through the complete app-making process in nine steps.

The Falcon console App builder is excellent for prototyping and visual workflow design. The CLI enables version control, code review, CI/CD, and AI-assisted development. For more info about creating and managing apps in the Foundry UI, see Quickstart: Falcon Console.

Prerequisites

Default roles: App User, App Developer, or Falcon Administrator
Tools: A code editor is required
Knowledge: A basic understanding of command-line interfaces (CLI) is helpful

Step 1: Install the Foundry CLI

Foundry has both a graphical user interface and a command-line interface. You need the CLI to add certain app capabilities and artifacts, so the first step is to install it.

Install with Homebrew (macOS and Linux)

Install Homebrew.
Add the Foundry CLI brew tap:
Terminal window
```
brew tap crowdstrike/foundry-cli
```

Install the Foundry CLI:

brew install crowdstrike/foundry-cli/foundry

Verify that the CLI is installed:
Terminal window
```
foundry version
```

Tip: Keep the Foundry CLI up to date with: brew update && brew upgrade crowdstrike/foundry-cli/foundry

Install with Scoop (Windows)

Install Scoop.

Add the Foundry CLI bucket:

scoop bucket add foundry https://github.com/crowdstrike/scoop-foundry-cli.git

Install the Foundry CLI:
Terminal window
```
scoop install foundry
```
Verify that the CLI is installed:
Terminal window
```
foundry version
```

Install without a package manager

Download, extract, and run the archive file for your operating system:

macOS:

Linux:

Windows:

Windows (x86_64)

Extract the archive and add the foundry binary to your PATH environment variable, then verify with foundry version.

Configuration for US-GOV-1

To use the Foundry CLI in US-GOV-1, set these environment variables after installation:

export FOUNDRY_UI_DOMAIN="https://falcon.laggar.gcw.crowdstrike.com"
export FOUNDRY_API_GW_DOMAIN="https://api.laggar.gcw.crowdstrike.com"

Step 2: Create a CLI profile

The Foundry CLI communicates with the Falcon console through a set of APIs. To run commands with the Foundry CLI, you need a CLI profile.

Run:
Terminal window
```
foundry login
```
A form opens in your browser.
Log in to the Falcon console if necessary.

Tip: If you use single sign-on, make sure you’re logged in with SSO, then go directly to the URL output by foundry login.

In the form, select the permissions your app needs. Select the minimum set of required permissions — you can add more later.
By default, your profile has the same name as your CID. We suggest including your username in the Profile name so that other users can identify it.
Click Authorize Foundry CLI. You should see: Great! Your CLI is authorized to begin developing apps.

Tip: You can create multiple CLI profiles for different accounts or contexts. Each profile is associated with a specific CrowdStrike CID with its own credentials and scopes.

Foundry CLI environment variables

You can also store credentials as environment variables (these override local credentials):

Variable	Description
`FOUNDRY_API_CLIENT_ID`	The API client ID
`FOUNDRY_API_CLIENT_SECRET`	The API client secret
`FOUNDRY_CID`	For managing multiple CIDs with environment variables
`FOUNDRY_CLOUD_REGION`	Available values: us-1, us-2, eu-1, us-gov-1, us-gov-2

Step 3: Create an app

foundry apps create

Provide this info when prompted:

Do you want to use app templates? (y/N): Press Enter (default N)
Name: my-first-app
Description: My first Foundry app (optional)
Logo: Press Enter to skip (optional)

Your new app directory contains a single file, manifest.yml — your app’s blueprint. As you add capabilities, subdirectories are created and the manifest grows.

Tip: Add --no-prompt to turn off prompts for optional flags.

Step 4: Create a UI extension

Change to your app’s directory:
Terminal window
```
cd my-first-app
```
Run:
Terminal window
```
foundry ui extensions create
```
Provide this info when prompted:
- Which template would you like to start with? Vanilla JS
- Name: My First Extension
- Description: UI extension for Endpoint Detections page
For Sockets, use the arrow keys to highlight Endpoint detection details, press spacebar to select it (marked with [X]), and press Enter.

Sockets are predefined locations within the Falcon console where your extension is rendered. Selecting Endpoint detection details means your app will appear on the detections detail panel.

Step 5: Run your app locally

From your app directory, run:

foundry ui run

Output:

Starting a local development server at http://localhost:25678. Enter Ctrl-C to shutdown

In the Falcon console, click Developer tools in the toolbar and enable Development mode.
Go to Endpoint security > Monitor > Endpoint detections.
Select any incident to see its details panel and scroll down to see your My First Extension section.

Changes you make to your code are immediately reflected while in development mode.

Step 6: Deploy your app

Shut down the local server (Ctrl+C).
Run:
Terminal window
```
foundry apps deploy
```
When prompted:
- Change Type: Major
- Change log: Initial deployment with UI extension

Step 7: Test your app

Copy the link from the deploy output and open it in your browser.
Verify the Status shows Deployed.
Turn off Development mode in the Developer tools menu.
On the Deployments tab, select Preview deployment from the Open menu.
Verify your extension is visible on the endpoint detections page.

Step 8: Release your app

foundry apps release

When prompted:

Change Type: Major
Change log: Initial release

Your app will show status Released with version v1.0.0.

Step 9: Install your app

Go to Foundry > App catalog.
Find your app and click Install now.
Click Save and install.

Releases marked Minor and Patch are updated in the catalog automatically. Releases marked Major must be accepted manually.

Next steps

CLI Reference — Complete command reference
App Manifest Reference — manifest.yml schema
Functions: Foundry CLI — Write serverless functions
Deploy an App Template — Deploy a pre-built template