diff --git a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
index 820fdb97d438f96a75ab60dd67bbe0a19618dea7..68d72c8572ba91cbb209a8ba69d3df5946772b88 100644
--- a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
@@ -79,7 +79,7 @@ export const parseDependencyScanningIssues = (issues = [], feedbacks = [], path
       ...issue,
       category: 'dependency_scanning',
       // TODO: replace with issue.project_fingerprint
-      project_fingerprint: sha1(issue.cve),
+      project_fingerprint: sha1(issue.cve || issue.message),
       name: issue.message,
       path: issue.file,
       urlPath: issue.line ? `${path}/${issue.file}#L${issue.line}` : `${path}/${issue.file}`,
diff --git a/spec/javascripts/vue_shared/security_reports/store/utils_spec.js b/spec/javascripts/vue_shared/security_reports/store/utils_spec.js
index 4cb0b6dcbdd4f8165139edf5232d231e6a311dac..7d2febf1cefc9ed97266766de6ff9d9f85682d01 100644
--- a/spec/javascripts/vue_shared/security_reports/store/utils_spec.js
+++ b/spec/javascripts/vue_shared/security_reports/store/utils_spec.js
@@ -80,6 +80,15 @@ describe('security reports utils', () => {
       expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].cve));
     });
 
+    it('uses message to generate sha1 when cve is undefined', () => {
+      const issuesWithoutCve = dependencyScanningIssues.map(issue => ({
+        ...issue,
+        cve: undefined,
+      }));
+      const parsed = parseDependencyScanningIssues(issuesWithoutCve, [], 'path')[0];
+      expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].message));
+    });
+
     it('includes vulnerability feedbacks', () => {
       const parsed = parseDependencyScanningIssues(
         dependencyScanningIssues,