opencybersecurityalliance / PACE

Posture Attribute Collection and Evaluation

Direct retrieval of SBOMs from PAR #53

Open davaya opened 2 years ago

davaya commented 2 years ago

Use case https://github.com/opencybersecurityalliance/PACE/pull/50 suggests retrieving SBOMs through the PES using the Posture Evaluation actuator profile. This allows both direct retrieval of stored SBOMs and translation of SBOMs from stored format to desired retrieval formats.

An additional use case is to retrieve stored SBOMs directly from the PAR using the unspecified PAR API. This allows experimentation with candidate APIs without picking a winner at this time, and supports the scalability of direct database access.

There is consensus that only the PCS and PES shall be able to create/modify/delete information in the PAR. For external access, reading information directly from the PAR shall be subject to the same access control requirements as reading that information through the PES.
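An added illustration of the last point, not code from the PACE project: a single authorization decision function shared by the PES retrieval path and a hypothetical direct PAR API, so an external reader gets the same answer on either path and only PCS/PES principals can write. The role names, the in-memory PAR and the per-SBOM read ACL are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class Role(Enum):
    PCS = "pcs"        # Posture Collection Service: may create/modify/delete in the PAR
    PES = "pes"        # Posture Evaluation Service: may create/modify/delete in the PAR
    EXTERNAL = "ext"   # External consumer: read-only, subject to a per-SBOM read ACL

@dataclass(frozen=True)
class Principal:
    name: str
    role: Role

@dataclass
class Par:
    """Hypothetical in-memory Posture Attribute Repository (assumed, not the PACE PAR)."""
    sboms: dict = field(default_factory=dict)     # sbom_id -> stored SBOM document
    read_acl: dict = field(default_factory=dict)  # sbom_id -> names allowed to read it

def authorize(par: Par, who: Principal, action: str, sbom_id: str) -> bool:
    """The one policy decision point; every access path must call this."""
    if action in ("create", "modify", "delete"):
        return who.role in (Role.PCS, Role.PES)
    if action == "read":
        # PCS/PES may read anything; external readers need an explicit ACL entry.
        return who.role in (Role.PCS, Role.PES) or who.name in par.read_acl.get(sbom_id, set())
    return False

def store_sbom(par: Par, who: Principal, sbom_id: str, doc: str, readers=()) -> bool:
    """Write path: only PCS/PES succeed, external principals are refused."""
    if not authorize(par, who, "create", sbom_id):
        return False
    par.sboms[sbom_id] = doc
    par.read_acl[sbom_id] = set(readers)
    return True

def read_via_pes(par: Par, requester: Principal, sbom_id: str):
    """Retrieval through the PES: the PES enforces the requester's rights, not its own."""
    if not authorize(par, requester, "read", sbom_id):
        return None
    return par.sboms.get(sbom_id)

def read_via_par_api(par: Par, requester: Principal, sbom_id: str):
    """Direct retrieval from the PAR: same decision function, so the same outcome."""
    if not authorize(par, requester, "read", sbom_id):
        return None
    return par.sboms.get(sbom_id)
```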