diff --git a/policy/policy_handler/local.go b/policy/policy_handler/local.go
index d3b00b3..ab84aab 100644
--- a/policy/policy_handler/local.go
+++ b/policy/policy_handler/local.go
@@ -2,6 +2,7 @@ package policy_handler
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 
 	"github.com/atomist-skills/go-skill"
@@ -18,7 +19,7 @@ type SyncRequestMetadata struct {
 	QueryResults map[edn.Keyword]edn.RawMessage `edn:"fixedQueryResults"`
 	Packages     []legacy.Package               `edn:"packages"`      // todo remove when no longer used
 	User         string                         `edn:"imgConfigUser"` // The user from the image config blob // todo remove when no longer used
-	SBOM         *types.SBOM                    `edn:"sbom"`
+	SBOM         string                         `edn:"sbom"`
 }
 
 func WithLocal() Opt {
@@ -59,8 +60,19 @@ func buildLocalDataSources(ctx context.Context, req skill.RequestContext, _ goal
 		return nil, fmt.Errorf("failed to unmarshal SyncRequest metadata: %w", err)
 	}
 
-	if srMeta.SBOM != nil {
-		srMeta.QueryResults = legacy.BuildLocalEvalMocks(srMeta.SBOM, req.Log)
+	req.Log.Infof("SBOM from SyncRequest metadata: %+v", srMeta.SBOM)
+	if srMeta.SBOM != "" {
+		req.Log.Infof("Base64-decoding SBOM from SyncRequest metadata")
+		decodedSBOM, err := base64.StdEncoding.DecodeString(srMeta.SBOM)
+		if err != nil {
+			return nil, fmt.Errorf("failed to base64-decode SBOM: %w", err)
+		}
+		req.Log.Infof("Unmarshalling SBOM from SyncRequest metadata")
+		var sbom *types.SBOM
+		if err := edn.Unmarshal(decodedSBOM, &sbom); err != nil {
+			return nil, fmt.Errorf("failed to unmarshal SBOM: %w", err)
+		}
+		srMeta.QueryResults = legacy.BuildLocalEvalMocks(sbom, req.Log)
 	}
 
 	fixedQueryResults := map[string][]byte{}