diff --git a/src/lib/formatters/open-source-sarif-output.ts b/src/lib/formatters/open-source-sarif-output.ts
index 33b190c4647..2cefb40e62d 100644
--- a/src/lib/formatters/open-source-sarif-output.ts
+++ b/src/lib/formatters/open-source-sarif-output.ts
@@ -88,7 +88,7 @@ ${vuln.description}`.replace(/##\s/g, '# '),
 testResult.packageManager!,
 ],
 cvssv3_baseScore: vuln.cvssScore, // AWS
- 'security-severity': vuln.cvssScore, // GitHub
+ 'security-severity': String(vuln.cvssScore), // GitHub
 },
 };
 },
diff --git a/src/lib/formatters/sarif-output.ts b/src/lib/formatters/sarif-output.ts
index 44976c93b7f..4b97a2bfda9 100644
--- a/src/lib/formatters/sarif-output.ts
+++ b/src/lib/formatters/sarif-output.ts
@@ -83,7 +83,7 @@ export function getTool(testResult): sarif.Tool {
 testResult.packageManager!,
 ],
 cvssv3_baseScore: vuln.cvssScore, // AWS
- 'security-severity': vuln.cvssScore, // GitHub
+ 'security-severity': String(vuln.cvssScore), // GitHub
 },
 };
 })
diff --git a/test/fixtures/docker/sarif-container-result.json b/test/fixtures/docker/sarif-container-result.json
index 427742d497b..c5d9d1ad956 100644
--- a/test/fixtures/docker/sarif-container-result.json
+++ b/test/fixtures/docker/sarif-container-result.json
@@ -31,7 +31,7 @@
 "deb"
 ],
 "cvssv3_baseScore": 6.5,
- "security-severity": 6.5
+ "security-severity": "6.5"
 }
 }
 ]
diff --git a/test/fixtures/docker/sarif-with-file-container-result.json b/test/fixtures/docker/sarif-with-file-container-result.json
index 40043d379b6..4b5eda55066 100644
--- a/test/fixtures/docker/sarif-with-file-container-result.json
+++ b/test/fixtures/docker/sarif-with-file-container-result.json
@@ -31,7 +31,7 @@
 "deb"
 ],
 "cvssv3_baseScore": 6.5,
- "security-severity": 6.5
+ "security-severity": "6.5"
 }
 }
 ]
diff --git a/test/jest/acceptance/snyk-test/output-formats/sarif.spec.ts b/test/jest/acceptance/snyk-test/output-formats/sarif.spec.ts
index f23f67a47e2..0227d0725df 100644
--- a/test/jest/acceptance/snyk-test/output-formats/sarif.spec.ts
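Review bot: `String(vuln.cvssScore)` on the `'security-severity'` line also stringifies a missing score, so a vulnerability without a CVSS score would be emitted as `"security-severity": "undefined"` (or `"null"`), where an undefined numeric value was previously omitted by JSON serialisation. Whether `cvssScore` can be absent is not visible in the hunk, but a consumer that ranks or gates alerts on this field may reject or mis-sort a non-numeric string, so I would guard it: `'security-severity': vuln.cvssScore != null ? String(vuln.cvssScore) : undefined, // GitHub`. The identical line in the `getTool` hunk of `sarif-output.ts` needs the same guard, and none of the fixtures or snapshots updated in this commit cover a rule without a score. Both enclosing functions start and end outside their hunks.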
+++ b/test/jest/acceptance/snyk-test/output-formats/sarif.spec.ts
@@ -51,7 +51,7 @@ describe('snyk test --sarif', () => {
 expect(stdout).toContain('"artifactsScanned": 1');
 expect(stdout).toContain('"cvssv3_baseScore": 5.3');
- expect(stdout).toContain('"security-severity": 5.3');
+ expect(stdout).toContain('"security-severity": "5.3"');
 expect(stdout).toContain('"fullyQualifiedName": "lodash@4.17.15"');
 expect(stdout).toContain('Upgrade to lodash@4.17.17');
 });
diff --git a/test/jest/unit/lib/formatters/__snapshots__/open-source-sarif-output.spec.ts.snap b/test/jest/unit/lib/formatters/__snapshots__/open-source-sarif-output.spec.ts.snap
index 406484105bb..a0bf39e4908 100644
--- a/test/jest/unit/lib/formatters/__snapshots__/open-source-sarif-output.spec.ts.snap
+++ b/test/jest/unit/lib/formatters/__snapshots__/open-source-sarif-output.spec.ts.snap
@@ -79,7 +79,7 @@ Object {
 "id": "SNYK-JS-AJV-584908",
 "properties": Object {
 "cvssv3_baseScore": 7.5,
- "security-severity": 7.5,
+ "security-severity": "7.5",
 "tags": Array [
 "security",
 "CWE-400",
diff --git a/test/jest/unit/lib/formatters/__snapshots__/sarif-output.spec.ts.snap b/test/jest/unit/lib/formatters/__snapshots__/sarif-output.spec.ts.snap
index afcd86e15af..275a3dd0e57 100644
--- a/test/jest/unit/lib/formatters/__snapshots__/sarif-output.spec.ts.snap
+++ b/test/jest/unit/lib/formatters/__snapshots__/sarif-output.spec.ts.snap
@@ -71,7 +71,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
 "id": "SNYK-LINUX-EXPAT-450908",
 "properties": Object {
 "cvssv3_baseScore": 7.5,
- "security-severity": 7.5,
+ "security-severity": "7.5",
 "tags": Array [
 "security",
 "CWE-611",
@@ -162,7 +162,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
 "id": "SNYK-LINUX-EXPAT-450908",
 "properties": Object {
 "cvssv3_baseScore": 7.5,
- "security-severity": 7.5,
+ "security-severity": "7.5",
 "tags": Array [
 "security",
 "npm",
@@ -252,7 +252,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
 "id": "SNYK-LINUX-EXPAT-450908",
 "properties": Object {
 "cvssv3_baseScore": 7.5,
- "security-severity": 7.5,
+ "security-severity": "7.5",
 "tags": Array [
 "security",
 "CWE-611",