diff --git a/ee/app/assets/javascripts/security_configuration/components/app.vue b/ee/app/assets/javascripts/security_configuration/components/app.vue
index e5109053691abf5c0288357d5a81389167db8a91..96ff21892b5b6e8c661831be66e72305f3686b6a 100644
--- a/ee/app/assets/javascripts/security_configuration/components/app.vue
+++ b/ee/app/assets/javascripts/security_configuration/components/app.vue
@@ -171,7 +171,13 @@ export default {
       </gl-sprintf>
     </gl-alert>
 
-    <gl-table ref="securityControlTable" :items="features" :fields="fields" stacked="md">
+    <gl-table
+      ref="securityControlTable"
+      :items="features"
+      :fields="fields"
+      stacked="md"
+      :tbody-tr-attr="{ 'data-testid': 'security-scanner-row' }"
+    >
       <template #cell(feature)="{ item }">
         <div class="gl-text-gray-900">{{ item.name }}</div>
         <div>
diff --git a/ee/spec/features/projects/security/user_views_security_configuration_spec.rb b/ee/spec/features/projects/security/user_views_security_configuration_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..f850fd731d3e173a1307abe7de0649920b76d14e
--- /dev/null
+++ b/ee/spec/features/projects/security/user_views_security_configuration_spec.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'User sees Security Configuration table', :js do
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project) { create(:project, :repository) }
+
+  before_all do
+    project.add_developer(user)
+  end
+
+  before do
+    sign_in(user)
+  end
+
+  context 'with security_dashboard feature available' do
+    before do
+      stub_licensed_features(security_dashboard: true)
+    end
+
+    context 'with no SAST report' do
+      it 'shows SAST is not enabled' do
+        visit(project_security_configuration_path(project))
+
+        within_sast_row do
+          expect(page).to have_text('SAST')
+          expect(page).to have_text('Not enabled')
+          expect(page).to have_css('[data-testid="enableButton"]')
+        end
+      end
+    end
+
+    context 'with SAST report' do
+      before do
+        pipeline = create(:ci_pipeline, project: project)
+        create(:ci_build, :sast, pipeline: pipeline, status: 'success')
+      end
+
+      it 'shows SAST is enabled' do
+        visit(project_security_configuration_path(project))
+
+        within_sast_row do
+          expect(page).to have_text('SAST')
+          expect(page).to have_text('Enabled')
+          expect(page).to have_css('[data-testid="configureButton"]')
+        end
+      end
+    end
+  end
+
+  def within_sast_row
+    within '[data-testid="security-scanner-row"]:nth-of-type(1)' do
+      yield
+    end
+  end
+end