diff --git a/scanpipe/models.py b/scanpipe/models.py
index 8a5027946..9407e2e22 100644
--- a/scanpipe/models.py
+++ b/scanpipe/models.py
@@ -3339,13 +3339,11 @@ def prefetch_for_serializer(self):
         `DiscoveredDependencySerializer`. Only the fields required by the serializer are fetched on the relations.
         """
+        manager = DiscoveredPackage.objects
         return self.prefetch_related(
-            Prefetch(
-                "for_package", queryset=DiscoveredPackage.objects.only("package_uid")
-            ),
-            Prefetch(
-                "datafile_resource", queryset=CodebaseResource.objects.only("path")
-            ),
+            Prefetch("for_package", queryset=manager.only("package_uid")),
+            Prefetch("resolved_to_package", queryset=manager.only("package_uid")),
+            Prefetch("datafile_resource", queryset=manager.only("path")),
         )
diff --git a/scanpipe/pipes/output.py b/scanpipe/pipes/output.py
index df093bdad..0d0d6b81d 100644
--- a/scanpipe/pipes/output.py
+++ b/scanpipe/pipes/output.py
@@ -675,24 +675,21 @@ def get_cyclonedx_bom(project):
         ],
     )
-    components = []
     vulnerabilities = []
-    for package in get_queryset(project, "discoveredpackage"):
+
+    package_qs = get_queryset(project, "discoveredpackage")
+    package_qs = package_qs.prefetch_related("children_packages")
+
+    for package in package_qs:
         component = package.as_cyclonedx()
-        components.append(component)
+        bom.components.add(component)
+        bom.register_dependency(project_as_root_component, [component])
         for vulnerability_data in package.affected_by_vulnerabilities:
             vulnerabilities.append(
-                vulnerability_as_cyclonedx(
-                    vulnerability_data=vulnerability_data,
-                    component_bom_ref=component.bom_ref,
-                )
+                vulnerability_as_cyclonedx(vulnerability_data, component.bom_ref)
             )
-    for component in components:
-        bom.components.add(component)
-        bom.register_dependency(project_as_root_component, [component])
-
     bom.vulnerabilities = vulnerabilities
     return bom
diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
index a156fc24f..e152cd542 100644
--- a/scanpipe/tests/test_models.py
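Review bot: The new `datafile_resource` prefetch uses `manager`, which is `DiscoveredPackage.objects`, while the line it replaces used `CodebaseResource.objects.only("path")`; unless `datafile_resource` now points at DiscoveredPackage, the Prefetch queryset no longer matches the related model and `.only("path")` is evaluated against the wrong table, so the serializer either errors or silently gets no resource. The alias is fine for the two package relations, but the third entry should stay on the resource manager: `Prefetch("datafile_resource", queryset=CodebaseResource.objects.only("path")),`. A short comment on the alias would keep the next reader from repeating this, e.g. `# manager covers the package relations only; datafile_resource is a CodebaseResource`. The enclosing `prefetch_for_serializer` starts outside the hunk.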
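Review bot: The rewritten call `vulnerability_as_cyclonedx(vulnerability_data, component.bom_ref)` drops the keyword arguments that the removed lines used, so the loop now depends on the positional order of a helper defined outside this hunk; keeping `vulnerability_as_cyclonedx(vulnerability_data=vulnerability_data, component_bom_ref=component.bom_ref)` costs one line and survives a signature reorder. The added `prefetch_related("children_packages")` is not read anywhere in the hunk, presumably it feeds `package.as_cyclonedx()`; a comment such as `# as_cyclonedx() appears to walk children_packages; prefetch to avoid one query per package` would record why it is here. `get_cyclonedx_bom` begins before the hunk.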
+++ b/scanpipe/tests/test_models.py
@@ -2165,6 +2165,8 @@ def test_scanpipe_package_model_integrity_with_toolkit_package_model(self):
             "tag",
             "declared_dependencies",
             "resolved_from_dependencies",
+            "parent_packages",
+            "children_packages",
         ]
         package_data_only_field = ["datasource_id", "dependencies"]