diff --git a/go.mod b/go.mod
index 8fcad1d..b0f2f10 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ toolchain go1.22.6
 require (
 github.com/arangodb/go-driver/v2 v2.1.0
 github.com/gofiber/fiber/v2 v2.52.5
- github.com/ortelius/scec-commons v0.1.34
+ github.com/ortelius/scec-commons v0.1.36
 github.com/package-url/packageurl-go v0.1.3
 github.com/swaggo/swag v1.16.3
 golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa
@@ -61,7 +61,7 @@ require (
 github.com/valyala/fasthttp v1.55.0 // indirect
 github.com/valyala/tcplisten v1.0.0 // indirect
 golang.org/x/crypto v0.26.0 // indirect
- golang.org/x/sys v0.23.0 // indirect
+ golang.org/x/sys v0.24.0 // indirect
 golang.org/x/tools v0.24.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 lukechampine.com/blake3 v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index 5f365c0..7ceeea9 100644
--- a/go.sum
+++ b/go.sum
@@ -77,6 +77,10 @@ github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/n
 github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
 github.com/ortelius/scec-commons v0.1.34 h1:gvt71uhQsimp/J7N758qK6E6Uw8+VzecFvoQJqEWq3Y=
 github.com/ortelius/scec-commons v0.1.34/go.mod h1:tR9iMNnuz4bAqDM70t8OSH+g0LtoA32t3HJ5w59L4Tk=
+github.com/ortelius/scec-commons v0.1.35 h1:NQ5OaCtpdoyRFBxNZMvP+beW6XhPp42+eyUjKkTMcug=
+github.com/ortelius/scec-commons v0.1.35/go.mod h1:tR9iMNnuz4bAqDM70t8OSH+g0LtoA32t3HJ5w59L4Tk=
+github.com/ortelius/scec-commons v0.1.36 h1:55f4oxCBXwZC1B8NL0Tuk511HGExu7o9U1O9UzBw5Q8=
+github.com/ortelius/scec-commons v0.1.36/go.mod h1:tR9iMNnuz4bAqDM70t8OSH+g0LtoA32t3HJ5w59L4Tk=
 github.com/package-url/packageurl-go v0.1.3 h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoXLtmE3I0PLs=
 github.com/package-url/packageurl-go v0.1.3/go.mod h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -135,6 +139,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= diff --git a/main.go b/main.go index 27e03ab..2505cdd 100644 --- a/main.go +++ b/main.go @@ -260,7 +260,7 @@ func GetLicenses(keys []string) []*model.PackageLicense { // query the packages that match the key or name aql := `FOR sbom IN sbom - FILTER sbom._key == @key + FILTER sbom._key == @key OR sbom.cid == @key FOR packages IN sbom.content.components LET lics = LENGTH(packages.licenses) > 0 ? (FOR lic IN packages.licenses @@ -319,7 +319,7 @@ func Purl2Comp(dhurl string, cookies []*http.Cookie, key string) { } aql := `FOR sbom IN sbom - FILTER sbom._key == @key + FILTER sbom._key == @key OR sbom.cid == @key FOR packages IN sbom.content.components LET purl = packages.purl != null ? packages.purl : CONCAT("pkg:swid/", packages.swid.name, "@", packages.swid.version, "?tag_id=", packages.swid.tagId) @@ -402,7 +402,7 @@ func GetCVEs(keys []string) ([]*model.PackageCVE, error) { } aql := `FOR sbom IN sbom - FILTER sbom._key == @key + FILTER sbom._key == @key OR sbom.cid == @key FOR packages IN sbom.content.components LET purl = packages.purl != null ? packages.purl : CONCAT("pkg:swid/", packages.swid.name, "@", packages.swid.version, "?tag_id=", packages.swid.tagId) 
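Review bot: The comment kept above the query in GetLicenses, `// query the packages that match the key or name`, no longer describes the filter, which now reads `FILTER sbom._key == @key OR sbom.cid == @key`; I would change it to `// select the sbom whose _key or cid equals @key, then expand its components` and add the same line above the identical filter in Purl2Comp and GetCVEs. With the OR, one @key value can select more than one sbom document if a caller-supplied `_key` ever equals another document's `cid`, so the comment should also say whether several matches are expected or the result is meant to be unique. Whether `cid` is indexed is not visible here; without an index this filter presumably scans the collection on every lookup, which is worth confirming. All three function bodies continue outside their hunks.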
@@ -570,9 +570,17 @@ func NewSBOM(c *fiber.Ctx) error { // for backward compatibility skip creating a NFT if the compid is part of the POST // this will enable mapping of the sbom to the compid in the postgresdb - if sbom.Key == "" { - cid, dbStr := database.MakeNFT(sbom) // normalize the object into NFTs and JSON string for db persistence - logger.Sugar().Infof("%s=%s\n", cid, dbStr) // log the new nft + saveKey := sbom.Key + + cid, dbStr := database.MakeNFT(sbom) // normalize the object into NFTs and JSON string for db persistence + + logger.Sugar().Infof("%s=%s\n", cid, dbStr) // log the new nft + sbom.Cid = cid + + if saveKey == "" { + sbom.Key = cid + } else { + sbom.Key = saveKey } if sbom.Key == "" {
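Review bot: `logger.Sugar().Infof("%s=%s\n", cid, dbStr)` now runs on every POST, so the full normalized SBOM JSON built from the request body is written to the info log for each upload, where before it was logged only for posts without a key; I would log the identifier alone, `logger.Sugar().Infof("stored sbom cid=%s", cid)`, and keep the payload out of the logs or behind a debug level. The two comment lines above `saveKey := sbom.Key` still say NFT creation is skipped when the compid is posted, which the new code no longer does; something like `// always derive the cid; keep a posted key as _key so the compid mapping still works` would match it. `saveKey` suggests MakeNFT may overwrite sbom.Key, which is not visible in this hunk and deserves a word in that comment. NewSBOM starts and ends outside the hunk.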