diff --git a/image/templates/helm/stackrox-secured-cluster/templates/sensor.yaml.htpl b/image/templates/helm/stackrox-secured-cluster/templates/sensor.yaml.htpl
index 77b4003811b5b..546f7df2effe1 100644
--- a/image/templates/helm/stackrox-secured-cluster/templates/sensor.yaml.htpl
+++ b/image/templates/helm/stackrox-secured-cluster/templates/sensor.yaml.htpl
@@ -119,6 +119,12 @@ spec:
 {{- if ._rox.env.openshift }}
 - name: ROX_OPENSHIFT_API
 value: "true"
+ [<- if and (not .KubectlOutput) .FeatureFlags.ROX_LOCAL_IMAGE_SCANNING >]
+ - name: ROX_USE_LOCAL_SCANNER
+ value: {{ not ._rox.scanner.disable | not | not }}
+ - name: ROX_SCANNER_GRPC_ENDPOINT
+ value: {{ printf "scanner.%s.svc:8443" .Release.Namespace }}
+ [<- end >]
 {{- end}}
 [<- if not .KubectlOutput >]
 - name: ROX_HELM_CLUSTER_CONFIG_FP
diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/scanner-slim/scanner-slim.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/scanner-slim/scanner-slim.test.yaml
index a5ff94bdca6f0..ce3624039380e 100644
--- a/pkg/helm/charts/tests/securedclusterservices/testdata/scanner-slim/scanner-slim.test.yaml
+++ b/pkg/helm/charts/tests/securedclusterservices/testdata/scanner-slim/scanner-slim.test.yaml
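Review bot: The added `ROX_USE_LOCAL_SCANNER` entry renders its value as a bare YAML boolean, while the neighbouring `ROX_OPENSHIFT_API` entry uses the quoted string `"true"`. Kubernetes env values are strings, so an unquoted `true`/`false` is normally rejected when the Deployment is applied. The `| not | not` tail is also redundant after the leading `not`, so `value: {{ not ._rox.scanner.disable | quote }}` gives the same result as a string. Quoting the endpoint the same way, `value: {{ printf "scanner.%s.svc:8443" .Release.Namespace | quote }}`, keeps the host:port scalar unambiguous. The `ROX_USE_LOCAL_SCANNER` expectations in the scanner-slim.test.yaml hunk currently pin the boolean form and would need to compare against `"true"` and `"false"`; the env list this hunk extends starts and ends outside it.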
@@ -96,3 +96,28 @@ tests:
 .serviceaccounts["scanner"] | .imagePullSecrets | assertThat(length == 5)
 .serviceaccounts["scanner"] | .imagePullSecrets[] | select(.name == "existing-secret1")
 .serviceaccounts["scanner"] | .imagePullSecrets[] | select(.name == "existing-secret2")
+
+- name: "sensor only connects to local scanner when it is enabled"
+ tests:
+ - name: "local scanner enabled"
+ set:
+ scanner.disable: false
+ expect: |
+ .deployments["sensor"].spec.template.spec.containers[0].env[] |
+ select(.name == "ROX_USE_LOCAL_SCANNER") | assertThat(.value)
+ - name: "local scanner disabled"
+ set:
+ scanner.disable: true
+ expect: |
+ .deployments["sensor"].spec.template.spec.containers[0].env[] |
+ select(.name == "ROX_USE_LOCAL_SCANNER") | assertThat(.value == false)
+
+- name: "sensor connects to local scanner using the correct GRPC endpoint"
+ release:
+ namespace: custom-ns
+ set:
+ allowNonstandardNamespace: true
+ scanner.disable: false
+ expect: |
+ .deployments["sensor"].spec.template.spec.containers[0].env[] |
+ select(.name == "ROX_USE_LOCAL_SCANNER") | assertThat(.value == false)
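Review bot: The "local scanner enabled" case only checks truthiness with `assertThat(.value)`, while the disabled case compares against an exact value. Any non-empty string, including `"false"`, is truthy in jq, so the enabled case would stop distinguishing the two states if the value were ever rendered as a string. An exact comparison such as `assertThat(.value == "true")` would pin it, with the string form on both cases if the template is changed to quote the value. The endpoint test covers only `scanner.disable: false`, although the template hunk emits `ROX_SCANNER_GRPC_ENDPOINT` regardless of that setting, so a case with `scanner.disable: true` would record whether that is intended. The suite defaults that enable the OpenShift block and the feature flag are outside this hunk.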