diff --git a/ee/app/controllers/projects/dependencies_controller.rb b/ee/app/controllers/projects/dependencies_controller.rb
index 093212e0d21f43a7dd41c4fd4fcfe469da23f0ca..89820191c00c4a9a53e7025a546483c74bfa3a9b 100644
--- a/ee/app/controllers/projects/dependencies_controller.rb
+++ b/ee/app/controllers/projects/dependencies_controller.rb
@@ -39,7 +39,7 @@ def user_requested_filters_that_they_cannot_see?
     def collect_dependencies
       return [] if not_able_to_collect_dependencies?
 
-      if Feature.enabled?(:project_level_sbom_occurrences, project)
+      if project_level_sbom_occurrences_enabled?
         dependencies_finder.execute.with_component.with_version.with_source
       else
         ::Security::DependencyListService.new(pipeline: pipeline, params: dependency_list_params).execute
@@ -63,7 +63,6 @@ def dependency_list_params
     end
 
     def report_service
-      job_artifacts = ::Ci::JobArtifact.of_report_type(:dependency_list)
       @report_service ||= ::Security::ReportFetchService.new(project, job_artifacts)
     end
 
@@ -85,5 +84,14 @@ def render_not_authorized
         end
       end
     end
+
+    def project_level_sbom_occurrences_enabled?
+      Feature.enabled?(:project_level_sbom_occurrences, project)
+    end
+
+    def job_artifacts
+      report_type = project_level_sbom_occurrences_enabled? ? :sbom : :dependency_list
+      ::Ci::JobArtifact.of_report_type(report_type)
+    end
   end
 end
diff --git a/ee/spec/requests/projects/dependencies_controller_spec.rb b/ee/spec/requests/projects/dependencies_controller_spec.rb
index de0c93810d486265fbd02859ebe64c71ee31073a..7f1026b816fce226e76837ed7adf320d756e0a05 100644
--- a/ee/spec/requests/projects/dependencies_controller_spec.rb
+++ b/ee/spec/requests/projects/dependencies_controller_spec.rb
@@ -155,8 +155,8 @@
 
         context 'with found cyclonedx report' do
           let(:user) { developer }
-          let(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, project: project) }
-
+          let(:pipeline) { create(:ee_ci_pipeline, report_type, project: project) }
+          let(:report_type) { :with_dependency_list_report }
           let(:build) { create(:ee_ci_build, :success, :cyclonedx, pipeline: pipeline) }
 
           before do
@@ -194,6 +194,22 @@
               expect { get project_dependencies_path(project, **params, format: :json) }
                 .not_to exceed_query_limit(control_count)
             end
+
+            context 'without cyclonedx artifacts' do
+              let(:build) { create(:ee_ci_build, :success, :dependency_scanning, pipeline: pipeline) }
+
+              it 'does not returns any data due to job not being present' do
+                expect(json_response).to eq({ "report" => { "status" => "job_not_set_up" }, "dependencies" => [] })
+              end
+            end
+
+            context 'with only cyclonedx artifacts' do
+              let(:report_type) { :with_cyclonedx_report }
+
+              it 'returns data based on sbom occurrences' do
+                expect(json_response['dependencies']).to match_array(hash_including('occurrence_id' => occurrence.id))
+              end
+            end
           end
         end