ECZ-ID Cloud & Supplier Evidence Pack
Cloud, supplier-evidence, vendor and API review with the ECZ-ID Hub.
An ECZ-ID Extension Pack: one install adds the specialists below. The pack itself adds no scanner — each specialist runs locally and independently, and you can install components on their own instead.
Useful for
Useful across many legitimate roles. Commonly used by:
- Platform, security and procurement teams
- Supplier and vendor reviewers
- Architects reviewing cloud and suppliers
Relevant when you are reviewing cloud, suppliers and vendors together, you are checking API exposure for cloud workloads.
Included extensions
- ECZ-ID Hub (
ecocitizenz.eczid) — the ECZ-ID trust cockpit — routes you to the right specialist.
- Cloud Trust (
ecocitizenz.eczid-cloud-trust) — cloud / IaC surfaces and identity references.
- Supplier Evidence Review (
ecocitizenz.eczid-counterparty-trust) — supplier and service-provider evidence.
- Vendor Risk (
ecocitizenz.eczid-vendor-risk) — vendor / supplier evidence surfaces.
- API Security (
ecocitizenz.eczid-api-security) — API surfaces and their proof posture.
Common workflows
- Review cloud / IaC trust with supplier and vendor evidence.
- Check API exposure where cloud workloads are involved.
Installation outcome
- Installs 5 ECZ-ID extensions (including the Hub) in one step.
- Every check stays free and local-first; nothing is uploaded and there is no telemetry.
- The Hub gives one cockpit; each specialist also works standalone.
Example result
ECZ-ID Cloud & Supplier Evidence Pack - installs 5 extensions
- ECZ-ID Hub
- Cloud Trust
- Supplier Evidence Review
- Vendor Risk
- API Security
Run: ECZ-ID: Show All Specialists
First-use path
- Install the pack and trust your workspace.
- Run ECZ-ID: Show All Specialists from the Hub to see what is installed.
- Run a specialist's Review / Scan Workspace and review the evidence.
Privacy & permissions
Local-first. Filenames and paths only. No source / prompt / secret upload. No telemetry. Respects VS Code Workspace Trust. Each included extension makes no safety, approval, certification or compliance claim.
FAQ
Can I install the components separately? Yes — every extension in this pack is also available on its own.
Does the pack add any new scanning? No. A pack only groups extensions; all checks come from the specialists.
Free vs supported setup
- Free, local-first: local evidence review — no sign-in and no purchase to run a check.
- Supported setup (TrustOps): maintained ECZ-ID identity, public proof and lifecycle for cloud and supplier evidence — relevant when you need a resolver-verifiable result others can check, not just local review.
- You never need to buy anything to get local value; supported setup is a separate, optional step handled entirely in TrustOps.
Machine-readable facts
| Field |
Value |
| Product |
ECZ-ID Cloud & Supplier Evidence Pack |
| Identity |
ecocitizenz.eczid-pack-cloud-counterparty |
| Publisher |
EcoCitizenz |
| License |
Free; see the bundled LICENSE.txt |
| Version |
0.1.1 |
| Page family |
extension-pack |
| Purpose |
Cloud, supplier-evidence, vendor and API review with the ECZ-ID Hub. |
| Applicable audiences |
Platform, security and procurement teams; Supplier and vendor reviewers; Architects reviewing cloud and suppliers |
| Applicable scenarios |
you are reviewing cloud, suppliers and vendors together; you are checking API exposure for cloud workloads |
| Members |
ecocitizenz.eczid, ecocitizenz.eczid-cloud-trust, ecocitizenz.eczid-counterparty-trust, ecocitizenz.eczid-vendor-risk, ecocitizenz.eczid-api-security |
| Primary command |
ECZ-ID: Show All Specialists |
| Inputs |
None — a pack contains no scanner; each member detects its own artefacts |
| Outputs |
Installs the listed extensions (including the Hub) in one step; each member produces its own outputs |
| Independent management |
Every member can be enabled, disabled or uninstalled on its own |
| Data handling |
Filenames and paths only; no source / prompt / secret upload; no telemetry; retention none |
| Network behaviour |
None — a pack runs no code; each installed extension manages its own |
| Result states |
evidence observed; evidence not observed; no public proof reference found yet; review recommended; re-check before reliance; local policy decides |
| Limitations |
Does not issue proof, approve, certify, insure, underwrite, determine compliance, or run checkout |
| Canonical machine discovery |
https://machine.ecocitizenz.org/.well-known/ecz-machine.json |
| Public proof |
https://resolver.ecocitizenz.org |
| Documentation |
https://developers.ecocitizenz.com |
| Supported setup |
https://trustops.ecocitizenz.com/start |
| Re-check |
Re-run before reliance |
Support & links
ECZ-ID is independent trust infrastructure. Third-party names describe compatible ecosystems only and do not imply endorsement or affiliation. Local policy decides whether the evidence you review is sufficient.
