diff --git a/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb b/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb
index b355b1df93338b6a2f3a98b522e4b7dbd7fb1e2b..515d7ee26288dd93b5a96490388ce287b388da82 100644
--- a/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb
+++ b/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb
@@ -176,7 +176,8 @@
 
       before do
         allow(::Vulnerabilities::TriggerFalsePositiveDetectionWorkflowWorker).to receive(:perform_async)
-        create(:vulnerabilities_finding, :detected, project: project)
+        finding = create(:vulnerabilities_finding, project: project)
+        create(:vulnerability, :detected, project: project, vulnerability_finding: finding, findings: [finding])
         create_policy_setup
       end