diff --git a/ee/app/services/security/store_report_service.rb b/ee/app/services/security/store_report_service.rb
index bc8217fb1fe79462a07eee7e9a4f50f95d216993..5e8b04cbed75ac5f433e0245048def197ee91892 100644
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -48,6 +48,7 @@ def create_vulnerability_finding(finding)
 end
 vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner, :scan, :links)
+ vulnerability_params[:uuid] = calculate_uuid_v5(finding)
 vulnerability_finding = create_or_find_vulnerability_finding(finding, vulnerability_params)
 update_vulnerability_scanner(finding)
@@ -81,8 +82,6 @@ def create_or_find_vulnerability_finding(finding, create_params)
 .create_with(create_params)
 .find_or_initialize_by(find_params)
- vulnerability_finding.uuid = calculcate_uuid_v5(vulnerability_finding, find_params)
- vulnerability_finding.save!
 vulnerability_finding
 rescue ActiveRecord::RecordNotUnique
@@ -92,11 +91,11 @@ def create_or_find_vulnerability_finding(finding, create_params)
 end
 end
- def calculcate_uuid_v5(vulnerability_finding, finding_params)
+ def calculate_uuid_v5(vulnerability_finding)
 uuid_v5_name_components = {
 report_type: vulnerability_finding.report_type,
- primary_identifier_fingerprint: vulnerability_finding.primary_identifier&.fingerprint || finding_params.dig(:primary_identifier, :fingerprint),
- location_fingerprint: vulnerability_finding.location_fingerprint,
+ primary_identifier_fingerprint: vulnerability_finding.primary_fingerprint,
+ location_fingerprint: vulnerability_finding.location.fingerprint,
 project_id: project.id
 }
@@ -106,8 +105,6 @@ def calculcate_uuid_v5(vulnerability_finding, finding_params)
 name = uuid_v5_name_components.values.join('-')
- Gitlab::AppLogger.debug(message: "Generating UUIDv5 with name: #{name}") if Gitlab.dev_env_or_com?
-
 Gitlab::Vulnerabilities::CalculateFindingUUID.call(name)
 end
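Review bot: Passing `:uuid` through `create_with` means the UUID is only applied when `find_or_initialize_by` builds a new record; a finding matched by `find_params` keeps whatever `uuid` it already holds, whereas the lines removed in the `-81,8` hunk assigned and saved it on every run. If existing rows can still carry a nil or legacy `uuid`, that backfill is lost here; if dropping it is intentional, a comment on the added line such as `# uuid is only set on create; an existing finding keeps its stored value` would make that explicit. `create_vulnerability_finding` starts and ends outside the hunk.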
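Review bot: With `vulnerability_finding.save!` removed, the record returned by `find_or_initialize_by` on the lines above is never persisted inside `create_or_find_vulnerability_finding`, and the `rescue ActiveRecord::RecordNotUnique` below can no longer be reached by anything this method does. If a caller is now responsible for saving, that contract should be documented at the method head; otherwise change the call to `.find_or_create_by!(find_params)` (or keep an explicit `save!`) so the unique-index race the rescue exists for is still handled here. The method's head and the rescue body are outside the hunk.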
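Review bot: `calculate_uuid_v5` now receives the report finding (the call site passes `finding`, and the body reads `primary_fingerprint` and `location.fingerprint`, which the finding.rb hunk exposes on the report object), so the parameter name `vulnerability_finding` is misleading; `def calculate_uuid_v5(finding)` matches the call site. Separately, `primary_fingerprint` is `primary_identifier&.fingerprint`, so if a finding can lack a primary identifier the component is nil and `values.join('-')` silently yields a name with an empty slot, which then collides for every such finding with the same report type and location. Either guard the components before the join, e.g. `raise ArgumentError, 'primary identifier fingerprint is required for UUIDv5' if uuid_v5_name_components[:primary_identifier_fingerprint].nil?`, or document the collision with a comment on the hash. The join and the `CalculateFindingUUID` call are in the following hunk.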
diff --git a/ee/lib/gitlab/ci/reports/security/finding.rb b/ee/lib/gitlab/ci/reports/security/finding.rb
index d0471861688f83ac2a2477fb7de5fb74846ff4cf..b3c2a15330f72e78f95d2f3d090a9a267dbb15fd 100644
--- a/ee/lib/gitlab/ci/reports/security/finding.rb
+++ b/ee/lib/gitlab/ci/reports/security/finding.rb
@@ -97,8 +97,6 @@ def keys
 end
 end
- protected
-
 def primary_fingerprint
 primary_identifier&.fingerprint
 end
diff --git a/ee/spec/services/security/store_report_service_spec.rb b/ee/spec/services/security/store_report_service_spec.rb
index bfc8b5cbc43118005efdf0f47db7deb999886c66..1b5301978c7a92f0e7b5eb907b86c9e024772973 100644
--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -2,6 +2,19 @@
 require 'spec_helper'
+UUID_REGEXP = Regexp.new("^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-" \
+ "([0-9a-f]{2})([0-9a-f]{2})-([0-9a-f]{12})$").freeze
+
+ RSpec::Matchers.define :be_uuid_v5 do
+ match do |string|
+ expect(string).to be_a(String)
+
+ uuid_components = string.downcase.scan(UUID_REGEXP).first
+ time_hi_and_version = uuid_components[2].to_i(16)
+ (time_hi_and_version >> 12) == 5
+ end
+ end
+
 RSpec.describe Security::StoreReportService, '#execute' do
 let_it_be(:user) { create(:user) }
 let(:artifact) { create(:ee_ci_job_artifact, trait) }
@@ -57,7 +70,9 @@
 end
 it 'calculates UUIDv5 for all findings' do
- expect(Vulnerabilities::Finding.pluck(:uuid)).to all(be_a(String))
+ subject
+ uuids = Vulnerabilities::Finding.pluck(:uuid)
+ expect(uuids).to all(be_uuid_v5)
 end
 end
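Review bot: Removing the `protected` marker makes `primary_fingerprint` public, which the service needs, but every method that followed the marker in this class (not visible in the hunk) becomes public as well. If only `primary_fingerprint` is meant to be exposed, move that one method above a retained `protected` line rather than deleting the marker, so the rest of the class keeps its previous visibility. The enclosing class and anything after `primary_fingerprint` are outside the hunk.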
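Review bot: `UUID_REGEXP` anchors with `^`/`$`, which match at line boundaries in Ruby, so a value like `"junk\n<uuid>\n"` satisfies the matcher; use `\A`/`\z`. The matcher also checks only the version nibble and not the RFC 4122 variant bits that the separately captured clock-seq-hi byte suggests it meant to, and when the pattern does not match `scan(...).first` is nil, so `uuid_components[2]` raises `NoMethodError` instead of producing a matcher failure. All three go away with a single pattern and predicate, e.g. `UUID_V5_REGEXP = /\A[0-9a-f]{8}-[0-9a-f]{4}-5[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/i` and `match { |string| string.is_a?(String) && string.match?(UUID_V5_REGEXP) }`. The constant is also defined at the spec file's top level, so it leaks into every other spec loaded in the same process; define it inside the `RSpec.describe` block or in a support file.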