diff --git a/.github/workflows/snyk-docker-vulnerability-scan.yml b/.github/workflows/snyk-docker-vulnerability-scan.yml
index 4578ba6..6a32490 100644
--- a/.github/workflows/snyk-docker-vulnerability-scan.yml
+++ b/.github/workflows/snyk-docker-vulnerability-scan.yml
@@ -32,6 +32,8 @@ jobs:
         args: --file=Dockerfile
     - name: Output sarif file
       run: cat snyk.sarif
+    - name: fix security-severity "null" to "0" for valid sarif format
+      run: sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v4
       with: