diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml
deleted file mode 100644
index 4773f3f3..00000000
--- a/.github/actions/publish/action.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-inputs:
-  version:
-    required: true
-    type: string
-    description: 'Three digits version like 5.6.0'
-  MARKETPLACE_TOKEN:
-    required: true
-    type: string
-  NUGET_TOKEN:
-    required: true
-    type: string
-
-runs:
-  using: "composite"
-  steps:        
-    - name: Zip security-scan 4.x
-      shell: bash
-      run: 7z a security-scan4x.zip "./SecurityCodeScan.Tool/.NET 4.x/bin/Release/net48/*"
-        
-    - name: Create draft release
-      uses: softprops/action-gh-release@8a65c813553f4d05769635eb1b70180d25b9b61b
-      with:
-        draft: true
-        name: ${{inputs.version}}
-        tag_name: ${{inputs.version}}
-        fail_on_unmatched_files: true
-        files: |
-          ./SecurityCodeScan/bin/Release/**/*.nupkg
-          ./SecurityCodeScan.Vsix/bin/Release/*.vsix
-          ./SecurityCodeScan.Tool/.NET Core/bin/Release/*.nupkg
-          security-scan4x.zip
-
-    - name: Publish vsix
-      shell: powershell
-      env:
-        marketplace_token: ${{ inputs.MARKETPLACE_TOKEN }}
-      run: |
-        Write-Host "Pushing to visual studio market place"
-        $visualStudioInstallation = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VSSDK -property installationPath
-        $vsixPublisher = Join-Path $visualStudioInstallation 'VSSDK\VisualStudioIntegration\Tools\Bin\VsixPublisher.exe'
-        & $vsixPublisher login -publisherName JaroslavLobacevski -personalAccessToken $env:marketplace_token
-        $vsix = Get-ChildItem -File .\SecurityCodeScan.Vsix\bin -recurse | Where-Object { $_.Extension -eq ".vsix" } | Select-Object -First 1 -ExpandProperty FullName
-        $ManifestPath = ".\SecurityCodeScan.Vsix\marketplace.json"
-        & $vsixPublisher publish -payload $vsix -publishManifest $ManifestPath -personalAccessToken $env:marketplace_token
-        # currently vsixpublisher.exe throws non critical telemetry exception but does the job done
-        # force successful exit code
-        [Environment]::Exit(0)
-        
-    - name: Publish nugets
-      shell: bash
-      env:
-        nuget_token: ${{ inputs.NUGET_TOKEN }}
-      run: |
-        dotnet nuget push "./SecurityCodeScan/bin/Release/netstandard2.0/SecurityCodeScan.VS2019.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json
-        dotnet nuget push "./SecurityCodeScan.Tool/.NET Core/bin/Release/security-scan.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c1c5d01f..dd741616 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,3 +1,4 @@
+name: "Reusable build"
 on:
   workflow_call:
     inputs:
@@ -7,15 +8,12 @@ on:
       configuration:
         required: true
         type: string
-      publish:
+      makeartifacts:
         required: false
         type: boolean
         default: false
-    secrets:
-      MARKETPLACE_TOKEN:
-        required: false
-      NUGET_TOKEN:
-        required: false
+
+permissions: {}
 
 jobs:
   build:
@@ -27,16 +25,17 @@ jobs:
       DOTNET_CLI_TELEMETRY_OPTOUT: 1
 
     steps:
+
     - name: Checkout
       uses: actions/checkout@v2
       with:
-        fetch-depth: 0
         persist-credentials: false
 
     - name: Setup .NET SDK
       uses: actions/setup-dotnet@v1
       with:
         dotnet-version: |
+          3.1.x
           5.0.x
           6.0.x
         include-prerelease: false
@@ -56,14 +55,23 @@ jobs:
       run: msbuild -m $env:Solution_Name /p:Configuration=$env:Configuration
       env:
         Configuration: ${{ inputs.configuration }}
- 
+
     - name: Run Tests
       run: vstest.console.exe ./SecurityCodeScan.Test/bin/${{ inputs.configuration }}/SecurityCodeScan.Test.dll
 
-    - name: Publish
-      if: ${{ inputs.publish }}
-      uses: ./.github/actions/publish
-      with: 
-        version: ${{ inputs.version }}
-        MARKETPLACE_TOKEN: ${{ secrets.MARKETPLACE_TOKEN }}
-        NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
+    - name: Zip security-scan 4.x
+      if: ${{ inputs.makeartifacts }}
+      shell: bash
+      run: 7z a security-scan4x.zip "./SecurityCodeScan.Tool/.NET 4.x/bin/Release/net48/*"
+
+    - name: Upload artifacts
+      if: ${{ inputs.makeartifacts }}
+      uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+      with:
+        retention-days: 1
+        name: packages
+        path: |
+          security-scan4x.zip
+          ./SecurityCodeScan/bin/Release/**/*.nupkg
+          ./SecurityCodeScan.Vsix/bin/Release/*.vsix
+          ./SecurityCodeScan.Tool/.NET Core/bin/Release/*.nupkg
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3b9df08c..33f75642 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,10 @@ name: Build
 on:
   push:
 
+concurrency: 
+  group: onpush
+  cancel-in-progress: true
+
 jobs:
   debug:
     uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index fa15ff65..2be5f40a 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -1,3 +1,4 @@
+name: "Pull request"
 on:
   pull_request:
 
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..9047c176
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,82 @@
+name: "2. Publish"
+on:
+  release:
+    types: [published]
+
+permissions: {}
+
+jobs:
+  release-notes:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+        ref: vs2019
+        persist-credentials: true
+
+    - name: Append release body to release notes
+      env:
+        release_notes: ${{github.event.release.body}}
+      run: |
+        git config --global user.email "octokit@github.com"
+        git config --global user.name "Octokit"
+        head --lines=2 website/releasenotes.md > website/new_releasenotes.md
+        echo "$release_notes" >> website/new_releasenotes.md
+        tail --lines=+2 website/releasenotes.md >> website/new_releasenotes.md
+        mv website/new_releasenotes.md website/releasenotes.md
+        sed -i 's/<AssemblyVersionNumber>[0-9]\.[0-9]\.[0-9]\.[0-9]<\/AssemblyVersionNumber>/<AssemblyVersionNumber>${{github.event.release.tag_name}}.9<\/AssemblyVersionNumber>/g' Directory.Build.props
+        git add .
+        git commit -a -m "Update release notes & bump dev version"
+        git push
+      shell: bash
+
+  publish:
+    needs: [release-notes]
+    runs-on: windows-2022
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+        persist-credentials: false
+
+    - name: Download artifacts
+      uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43
+      with:
+        file: 'security-scan.${{github.event.release.tag_name}}.nupkg'
+
+    - name: Download artifacts
+      uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43
+      with:
+        file: 'SecurityCodeScan.VS2019.${{github.event.release.tag_name}}.nupkg'
+
+    - name: Download artifacts
+      uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43
+      with:
+        file: 'SecurityCodeScan.VS2019.Vsix.vsix'
+
+    - name: Publish vsix
+      shell: powershell
+      env:
+        marketplace_token: ${{ secrets.MARKETPLACE_TOKEN }}
+      run: |
+        Write-Host "Pushing to visual studio market place"
+        $visualStudioInstallation = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VSSDK -property installationPath
+        $vsixPublisher = Join-Path $visualStudioInstallation 'VSSDK\VisualStudioIntegration\Tools\Bin\VsixPublisher.exe'
+        & $vsixPublisher login -publisherName JaroslavLobacevski -personalAccessToken $env:marketplace_token
+        $vsix =  Get-ChildItem -File SecurityCodeScan.VS2019.Vsix.vsix -recurse | Select-Object -First 1 -ExpandProperty FullName
+        $ManifestPath = ".\SecurityCodeScan.Vsix\marketplace.json"
+        & $vsixPublisher publish -payload $vsix -publishManifest $ManifestPath -personalAccessToken $env:marketplace_token
+        # currently vsixpublisher.exe throws non critical telemetry exception but does the job done
+        # force successful exit code
+        [Environment]::Exit(0)
+
+    - name: Publish nugets
+      shell: bash
+      env:
+        nuget_token: ${{ secrets.NUGET_TOKEN }}
+      run: |
+        dotnet nuget push "SecurityCodeScan.VS2019.${{github.event.release.tag_name}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json
+        dotnet nuget push "security-scan.${{github.event.release.tag_name}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 56c25364..ecf1dd6b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,3 +1,4 @@
+name: "1. Make release draft"
 on:
   workflow_dispatch:
     inputs:
@@ -6,13 +7,39 @@ on:
         required: true
         type: string
 
+permissions: {}
+
 jobs:
-  release:
+  build:
     uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019
     with:
-      version: ${{ github.event.inputs.version }}
       configuration: Release
-      publish: true
-    secrets:
-      MARKETPLACE_TOKEN: ${{ secrets.MARKETPLACE_TOKEN }}
-      NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
+      version: ${{inputs.version}}
+      makeartifacts: true
+
+  release:
+    permissions:
+      contents: write
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Download artifacts
+      uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+      with:
+        name: packages
+        path: artifacts
+
+    - name: Create draft release
+      uses: softprops/action-gh-release@8a65c813553f4d05769635eb1b70180d25b9b61b
+      with:
+        draft: true
+        name: ${{inputs.version}}
+        tag_name: ${{inputs.version}}
+        fail_on_unmatched_files: true
+        generate_release_notes: false
+        files: |
+          ./artifacts/security-scan4x.zip
+          ./artifacts/SecurityCodeScan/bin/Release/**/*.nupkg
+          ./artifacts/SecurityCodeScan.Vsix/bin/Release/*.vsix
+          ./artifacts/SecurityCodeScan.Tool/.NET Core/bin/Release/*.nupkg
diff --git a/Directory.Build.props b/Directory.Build.props
index 5f11f4e2..83eba849 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <MicrosoftCodeAnalysisVersion>3.8.0</MicrosoftCodeAnalysisVersion>
+    <MicrosoftCodeAnalysisVersion>3.11.0</MicrosoftCodeAnalysisVersion>
   </PropertyGroup>
   <Choose>
     <When Condition=" '$(APPVEYOR_REPO_TAG_NAME)' != '' ">
@@ -10,7 +10,7 @@
     </When>
     <Otherwise>
       <PropertyGroup>
-        <AssemblyVersionNumber>5.6.2.0</AssemblyVersionNumber>
+        <AssemblyVersionNumber>5.6.7.9</AssemblyVersionNumber>
       </PropertyGroup>
     </Otherwise>
   </Choose>
diff --git a/NuGet.exe b/NuGet.exe
deleted file mode 100644
index 7d4cdaef..00000000
Binary files a/NuGet.exe and /dev/null differ
diff --git a/README.md b/README.md
index a43c243e..e0aafe09 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ Tests are ideal for developing features and fixing bugs as it is easy to debug.
 
 ### Debugging
 In case you are not sure what is wrong or you see AD0001 error with an exception, it is possible to debug the analysis of problematic Visual Studio solution.  
-> Visual Studio offloads some static analysis work to a separate process. It is a good idea to uncomment [the lines](https://github.com/security-code-scan/security-code-scan/blob/b246418f5d17ba8634ffd70295da636ee3596fc5/SecurityCodeScan/Analyzers/Analyzers.cs#L134-L135) to have a chance to debug the child process.
+> Visual Studio offloads some static analysis work to a separate process. It is a good idea to uncomment [the lines](https://github.com/security-code-scan/security-code-scan/blob/39912cfa53168e954b78d6eabc597e97311a54d3/SecurityCodeScan/Analyzers/Taint/TaintAnalyzer.cs#L140-L142) to have a chance to debug the child process.
 
 First, make sure there are no Security Code Scan Visual Studio extensions installed to avoid interference.  
 Right click `SecurityCodeScan.Vsix` project in the solution and choose `Set as StartUp project`.  
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..0d5cbdc4
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Please report potential vulnerabilities [here](https://github.com/security-code-scan/security-code-scan/security/advisories/new).
diff --git a/SecurityCodeScan.Test/SecurityCodeScan.Test.csproj b/SecurityCodeScan.Test/SecurityCodeScan.Test.csproj
index 4457255f..1b930127 100644
--- a/SecurityCodeScan.Test/SecurityCodeScan.Test.csproj
+++ b/SecurityCodeScan.Test/SecurityCodeScan.Test.csproj
@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.props" Condition="Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.props')" />
   <Import Project="..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.props" Condition="Exists('..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.props')" />
   <Import Project="..\packages\Microsoft.DiaSymReader.Native.1.7.0\build\Microsoft.DiaSymReader.Native.props" Condition="Exists('..\packages\Microsoft.DiaSymReader.Native.1.7.0\build\Microsoft.DiaSymReader.Native.props')" />
   <Import Project="..\packages\Microsoft.AspNetCore.Razor.Design.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Razor.Design.props" Condition="Exists('..\packages\Microsoft.AspNetCore.Razor.Design.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Razor.Design.props')" />
-  <Import Project="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.props" Condition="Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.props')" />
   <Import Project="..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.props" Condition="Exists('..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.props')" />
   <Import Project="..\packages\SQLite.3.13.0\build\net45\SQLite.props" Condition="Exists('..\packages\SQLite.3.13.0\build\net45\SQLite.props')" />
   <PropertyGroup>
@@ -57,8 +57,8 @@
       <HintPath>..\packages\Castle.Core.3.3.3\lib\net45\Castle.Core.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="DiffPlex, Version=1.4.4.0, Culture=neutral, PublicKeyToken=1d35e91d1bd7bc0f, processorArchitecture=MSIL">
-      <HintPath>..\packages\DiffPlex.1.4.4\lib\net40\DiffPlex.dll</HintPath>
+    <Reference Include="DiffPlex, Version=1.5.0.0, Culture=neutral, PublicKeyToken=1d35e91d1bd7bc0f, processorArchitecture=MSIL">
+      <HintPath>..\packages\DiffPlex.1.5.0\lib\net40\DiffPlex.dll</HintPath>
     </Reference>
     <Reference Include="EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL">
       <HintPath>..\packages\EntityFramework.6.2.0\lib\net45\EntityFramework.dll</HintPath>
@@ -217,29 +217,29 @@
     <Reference Include="Microsoft.Bcl.HashCode, Version=1.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Bcl.HashCode.1.1.0\lib\net461\Microsoft.Bcl.HashCode.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.Analyzer.Testing, Version=1.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.Analyzer.Testing.1.1.0\lib\net46\Microsoft.CodeAnalysis.Analyzer.Testing.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.Common.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.Razor, Version=2.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.Razor.2.1.0\lib\net46\Microsoft.CodeAnalysis.Razor.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.Analyzer.Testing, Version=1.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.Analyzer.Testing.1.1.1\lib\net472\Microsoft.CodeAnalysis.Analyzer.Testing.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis, Version=3.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.Common.3.8.0\lib\netstandard2.0\Microsoft.CodeAnalysis.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.CSharp, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.CSharp.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.CSharp.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.CSharp, Version=3.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.CSharp.3.8.0\lib\netstandard2.0\Microsoft.CodeAnalysis.CSharp.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.CSharp.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.CSharp.Workspaces.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.CSharp.Workspaces.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.CSharp.Workspaces, Version=3.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.CSharp.Workspaces.3.8.0\lib\netstandard2.0\Microsoft.CodeAnalysis.CSharp.Workspaces.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.Razor, Version=2.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.Razor.2.1.0\lib\net46\Microsoft.CodeAnalysis.Razor.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.VisualBasic, Version=3.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.VisualBasic.3.8.0\lib\netstandard2.0\Microsoft.CodeAnalysis.VisualBasic.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.VisualBasic, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.VisualBasic.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.VisualBasic.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.VisualBasic.Workspaces, Version=3.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.VisualBasic.Workspaces.3.8.0\lib\netstandard2.0\Microsoft.CodeAnalysis.VisualBasic.Workspaces.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.VisualBasic.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.VisualBasic.Workspaces.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.VisualBasic.Workspaces.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.CodeAnalysis.Workspaces, Version=3.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.CodeAnalysis.Workspaces.Common.3.8.0\lib\netstandard2.0\Microsoft.CodeAnalysis.Workspaces.dll</HintPath>
+    <Reference Include="Microsoft.CodeAnalysis.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeAnalysis.Workspaces.Common.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.Workspaces.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Data.Sqlite, Version=1.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Data.Sqlite.1.1.1\lib\net451\Microsoft.Data.Sqlite.dll</HintPath>
@@ -366,8 +366,8 @@
       <HintPath>..\packages\Moq.4.5.16\lib\net45\Moq.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\packages\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
     <Reference Include="Newtonsoft.Json.Bson, Version=1.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
       <HintPath>..\packages\Newtonsoft.Json.Bson.1.0.1\lib\net45\Newtonsoft.Json.Bson.dll</HintPath>
@@ -378,29 +378,29 @@
     <Reference Include="Npgsql, Version=3.0.8.0, Culture=neutral, PublicKeyToken=5d8b90d52f46fda7, processorArchitecture=MSIL">
       <HintPath>..\packages\Npgsql.3.0.8\lib\net45\Npgsql.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Common, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Common.4.9.4\lib\net46\NuGet.Common.dll</HintPath>
+    <Reference Include="NuGet.Common, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Common.5.6.0\lib\net472\NuGet.Common.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Configuration, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Configuration.4.9.4\lib\net46\NuGet.Configuration.dll</HintPath>
+    <Reference Include="NuGet.Configuration, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Configuration.5.6.0\lib\net472\NuGet.Configuration.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Frameworks, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Frameworks.4.9.4\lib\net46\NuGet.Frameworks.dll</HintPath>
+    <Reference Include="NuGet.Frameworks, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Frameworks.5.6.0\lib\net472\NuGet.Frameworks.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Packaging, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Packaging.4.9.4\lib\net46\NuGet.Packaging.dll</HintPath>
+    <Reference Include="NuGet.Packaging, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Packaging.5.6.0\lib\net472\NuGet.Packaging.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Packaging.Core, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\NuGet.Packaging.Core.4.9.4\lib\net46\NuGet.Packaging.Core.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Protocol, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Protocol.4.9.4\lib\net46\NuGet.Protocol.dll</HintPath>
+    <Reference Include="NuGet.Protocol, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Protocol.5.6.0\lib\net472\NuGet.Protocol.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Resolver, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Resolver.4.9.4\lib\net46\NuGet.Resolver.dll</HintPath>
+    <Reference Include="NuGet.Resolver, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Resolver.5.6.0\lib\net472\NuGet.Resolver.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Versioning, Version=4.9.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\NuGet.Versioning.4.9.4\lib\net46\NuGet.Versioning.dll</HintPath>
+    <Reference Include="NuGet.Versioning, Version=5.6.0.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\NuGet.Versioning.5.6.0\lib\net472\NuGet.Versioning.dll</HintPath>
     </Reference>
     <Reference Include="Remotion.Linq, Version=2.1.0.0, Culture=neutral, PublicKeyToken=fee00910d6e5f53b, processorArchitecture=MSIL">
       <HintPath>..\packages\Remotion.Linq.2.1.1\lib\net45\Remotion.Linq.dll</HintPath>
@@ -494,8 +494,8 @@
     <Reference Include="System.IO.FileSystem.Primitives, Version=4.3.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.IO.FileSystem.Primitives.4.3.0\lib\net46\System.IO.FileSystem.Primitives.dll</HintPath>
     </Reference>
-    <Reference Include="System.IO.Pipelines, Version=5.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.IO.Pipelines.5.0.0\lib\net461\System.IO.Pipelines.dll</HintPath>
+    <Reference Include="System.IO.Pipelines, Version=5.0.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IO.Pipelines.5.0.1\lib\net461\System.IO.Pipelines.dll</HintPath>
     </Reference>
     <Reference Include="System.Memory, Version=4.0.1.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Memory.4.5.4\lib\net461\System.Memory.dll</HintPath>
@@ -689,8 +689,8 @@
     </ProjectReference>
   </ItemGroup>
   <ItemGroup>
-    <Analyzer Include="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\analyzers\dotnet\cs\Microsoft.CodeAnalysis.Analyzers.dll" />
-    <Analyzer Include="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\analyzers\dotnet\cs\Microsoft.CodeAnalysis.CSharp.Analyzers.dll" />
+    <Analyzer Include="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\analyzers\dotnet\cs\Microsoft.CodeAnalysis.Analyzers.dll" />
+    <Analyzer Include="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\analyzers\dotnet\cs\Microsoft.CodeAnalysis.CSharp.Analyzers.dll" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
@@ -704,20 +704,20 @@
     <Error Condition="!Exists('..\packages\SQLitePCLRaw.lib.e_sqlite3.linux.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.linux.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\SQLitePCLRaw.lib.e_sqlite3.linux.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.linux.targets'))" />
     <Error Condition="!Exists('..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.props'))" />
     <Error Condition="!Exists('..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.targets'))" />
-    <Error Condition="!Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.props'))" />
-    <Error Condition="!Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.targets'))" />
     <Error Condition="!Exists('..\packages\Microsoft.AspNetCore.Razor.Design.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Razor.Design.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.AspNetCore.Razor.Design.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Razor.Design.props'))" />
     <Error Condition="!Exists('..\packages\Microsoft.DiaSymReader.Native.1.7.0\build\Microsoft.DiaSymReader.Native.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.DiaSymReader.Native.1.7.0\build\Microsoft.DiaSymReader.Native.props'))" />
     <Error Condition="!Exists('..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.props'))" />
     <Error Condition="!Exists('..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.targets'))" />
+    <Error Condition="!Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.props'))" />
+    <Error Condition="!Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.targets'))" />
   </Target>
   <Import Project="..\packages\System.Data.SQLite.Core.1.0.109.2\build\net46\System.Data.SQLite.Core.targets" Condition="Exists('..\packages\System.Data.SQLite.Core.1.0.109.2\build\net46\System.Data.SQLite.Core.targets')" />
   <Import Project="..\packages\SQLitePCLRaw.lib.e_sqlite3.v110_xp.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.v110_xp.targets" Condition="Exists('..\packages\SQLitePCLRaw.lib.e_sqlite3.v110_xp.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.v110_xp.targets')" />
   <Import Project="..\packages\SQLitePCLRaw.lib.e_sqlite3.osx.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.osx.targets" Condition="Exists('..\packages\SQLitePCLRaw.lib.e_sqlite3.osx.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.osx.targets')" />
   <Import Project="..\packages\SQLitePCLRaw.lib.e_sqlite3.linux.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.linux.targets" Condition="Exists('..\packages\SQLitePCLRaw.lib.e_sqlite3.linux.1.1.2\build\SQLitePCLRaw.lib.e_sqlite3.linux.targets')" />
   <Import Project="..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.targets" Condition="Exists('..\packages\MSTest.TestAdapter.2.1.0\build\net45\MSTest.TestAdapter.targets')" />
-  <Import Project="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.targets" Condition="Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.2\build\Microsoft.CodeAnalysis.Analyzers.targets')" />
   <Import Project="..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.targets" Condition="Exists('..\packages\Microsoft.AspNetCore.Mvc.Razor.Extensions.2.1.0\build\netstandard2.0\Microsoft.AspNetCore.Mvc.Razor.Extensions.targets')" />
+  <Import Project="..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.targets" Condition="Exists('..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.3\build\Microsoft.CodeAnalysis.Analyzers.targets')" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
diff --git a/SecurityCodeScan.Test/app.config b/SecurityCodeScan.Test/app.config
index aa17dfee..bb93b363 100644
--- a/SecurityCodeScan.Test/app.config
+++ b/SecurityCodeScan.Test/app.config
@@ -25,7 +25,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.CodeAnalysis" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-3.8.0.0" newVersion="3.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.11.0.0" newVersion="3.11.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.Reflection.Metadata" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
@@ -36,7 +36,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.CodeAnalysis.Workspaces" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
-        <bindingRedirect oldVersion="0.0.0.0-3.8.0.0" newVersion="3.8.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-3.11.0.0" newVersion="3.11.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.Composition.AttributedModel" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
@@ -50,7 +50,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.CodeAnalysis.CSharp" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-3.8.0.0" newVersion="3.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.11.0.0" newVersion="3.11.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.CodeAnalysis.VisualBasic" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -96,7 +96,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.ComponentModel.Annotations" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
diff --git a/SecurityCodeScan.Test/packages.config b/SecurityCodeScan.Test/packages.config
index d3d894ba..1cbc93f3 100644
--- a/SecurityCodeScan.Test/packages.config
+++ b/SecurityCodeScan.Test/packages.config
@@ -3,7 +3,7 @@
   <package id="AntiXSS" version="4.3.0" targetFramework="net461" />
   <package id="CassandraCSharpDriver" version="3.0.9" targetFramework="net461" />
   <package id="Castle.Core" version="3.3.3" targetFramework="net46" />
-  <package id="DiffPlex" version="1.4.4" targetFramework="net461" />
+  <package id="DiffPlex" version="1.5.0" targetFramework="net48" />
   <package id="EnterpriseLibrary.Common" version="6.0.1304.0" targetFramework="net461" />
   <package id="EnterpriseLibrary.Data" version="6.0.1304.0" targetFramework="net461" />
   <package id="EntityFramework" version="6.2.0" targetFramework="net461" />
@@ -58,15 +58,15 @@
   <package id="Microsoft.AspNetCore.WebUtilities" version="2.1.0" targetFramework="net461" />
   <package id="Microsoft.Bcl.AsyncInterfaces" version="5.0.0" targetFramework="net461" />
   <package id="Microsoft.Bcl.HashCode" version="1.1.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.Analyzer.Testing" version="1.1.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.Analyzers" version="3.3.2" targetFramework="net461" developmentDependency="true" />
-  <package id="Microsoft.CodeAnalysis.Common" version="3.8.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.CSharp" version="3.8.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.CSharp.Workspaces" version="3.8.0" targetFramework="net461" />
+  <package id="Microsoft.CodeAnalysis.Analyzer.Testing" version="1.1.1" targetFramework="net48" />
+  <package id="Microsoft.CodeAnalysis.Analyzers" version="3.3.3" targetFramework="net48" developmentDependency="true" />
+  <package id="Microsoft.CodeAnalysis.Common" version="3.11.0" targetFramework="net48" />
+  <package id="Microsoft.CodeAnalysis.CSharp" version="3.11.0" targetFramework="net48" />
+  <package id="Microsoft.CodeAnalysis.CSharp.Workspaces" version="3.11.0" targetFramework="net48" />
   <package id="Microsoft.CodeAnalysis.Razor" version="2.1.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.VisualBasic" version="3.8.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.VisualBasic.Workspaces" version="3.8.0" targetFramework="net461" />
-  <package id="Microsoft.CodeAnalysis.Workspaces.Common" version="3.8.0" targetFramework="net461" />
+  <package id="Microsoft.CodeAnalysis.VisualBasic" version="3.11.0" targetFramework="net48" />
+  <package id="Microsoft.CodeAnalysis.VisualBasic.Workspaces" version="3.11.0" targetFramework="net48" />
+  <package id="Microsoft.CodeAnalysis.Workspaces.Common" version="3.11.0" targetFramework="net48" />
   <package id="Microsoft.Composition" version="1.0.27" targetFramework="net46" />
   <package id="Microsoft.CSharp" version="4.5.0" targetFramework="net461" />
   <package id="Microsoft.Data.Sqlite" version="1.1.1" targetFramework="net461" />
@@ -112,18 +112,18 @@
   <package id="MSTest.TestAdapter" version="2.1.0" targetFramework="net461" />
   <package id="MSTest.TestFramework" version="2.1.0" targetFramework="net461" />
   <package id="NETStandard.Library" version="1.6.1" targetFramework="net46" />
-  <package id="Newtonsoft.Json" version="11.0.2" targetFramework="net461" />
+  <package id="Newtonsoft.Json" version="13.0.1" targetFramework="net48" />
   <package id="Newtonsoft.Json.Bson" version="1.0.1" targetFramework="net461" />
   <package id="NHibernate" version="4.1.2.4000" targetFramework="net461" />
   <package id="Npgsql" version="3.0.8" targetFramework="net461" />
-  <package id="NuGet.Common" version="4.9.4" targetFramework="net461" />
-  <package id="NuGet.Configuration" version="4.9.4" targetFramework="net461" />
-  <package id="NuGet.Frameworks" version="4.9.4" targetFramework="net461" />
-  <package id="NuGet.Packaging" version="4.9.4" targetFramework="net461" />
+  <package id="NuGet.Common" version="5.6.0" targetFramework="net48" />
+  <package id="NuGet.Configuration" version="5.6.0" targetFramework="net48" />
+  <package id="NuGet.Frameworks" version="5.6.0" targetFramework="net48" />
+  <package id="NuGet.Packaging" version="5.6.0" targetFramework="net48" />
   <package id="NuGet.Packaging.Core" version="4.9.4" targetFramework="net461" />
-  <package id="NuGet.Protocol" version="4.9.4" targetFramework="net461" />
-  <package id="NuGet.Resolver" version="4.9.4" targetFramework="net461" />
-  <package id="NuGet.Versioning" version="4.9.4" targetFramework="net461" />
+  <package id="NuGet.Protocol" version="5.6.0" targetFramework="net48" />
+  <package id="NuGet.Resolver" version="5.6.0" targetFramework="net48" />
+  <package id="NuGet.Versioning" version="5.6.0" targetFramework="net48" />
   <package id="Remotion.Linq" version="2.1.1" targetFramework="net461" />
   <package id="ServiceStack.Text" version="5.0.2" targetFramework="net461" />
   <package id="SQLite" version="3.13.0" targetFramework="net461" />
@@ -165,7 +165,7 @@
   <package id="System.IO.Compression.ZipFile" version="4.3.0" targetFramework="net461" />
   <package id="System.IO.FileSystem" version="4.3.0" targetFramework="net461" />
   <package id="System.IO.FileSystem.Primitives" version="4.3.0" targetFramework="net46" />
-  <package id="System.IO.Pipelines" version="5.0.0" targetFramework="net461" />
+  <package id="System.IO.Pipelines" version="5.0.1" targetFramework="net48" />
   <package id="System.Linq" version="4.3.0" targetFramework="net46" />
   <package id="System.Linq.Expressions" version="4.3.0" targetFramework="net46" />
   <package id="System.Linq.Queryable" version="4.0.1" targetFramework="net461" />
diff --git a/SecurityCodeScan.Tool/.NET 4.x/security-scan.csproj b/SecurityCodeScan.Tool/.NET 4.x/security-scan.csproj
index f026181e..e64dd552 100644
--- a/SecurityCodeScan.Tool/.NET 4.x/security-scan.csproj	
+++ b/SecurityCodeScan.Tool/.NET 4.x/security-scan.csproj	
@@ -24,10 +24,10 @@
   <ItemGroup>
     <PackageReference Include="DotNet.Glob" Version="3.1.2" />
     <PackageReference Include="Microsoft.Build.Locator" Version="1.4.1" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.2" PrivateAssets="all" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="3.8.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.Workspaces" Version="3.8.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Workspaces.MSBuild" Version="3.8.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.3" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="3.11.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.Workspaces" Version="3.11.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Workspaces.MSBuild" Version="3.11.0" />
     <PackageReference Include="Mono.Options" Version="6.6.0.161" />
     <PackageReference Include="MSBuild.AssemblyVersion" Version="1.3.0">
       <PrivateAssets>all</PrivateAssets>
diff --git a/SecurityCodeScan.Tool/.NET Core/security-scan.csproj b/SecurityCodeScan.Tool/.NET Core/security-scan.csproj
index e56bbfe3..26c57253 100644
--- a/SecurityCodeScan.Tool/.NET Core/security-scan.csproj	
+++ b/SecurityCodeScan.Tool/.NET Core/security-scan.csproj	
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <Nullable>enable</Nullable>
     <OutputType>Exe</OutputType>
-    <TargetFrameworks>net5.0;net6.0</TargetFrameworks>
+    <TargetFrameworks>net6.0;net5.0;netcoreapp3.1</TargetFrameworks>
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <PackAsTool>true</PackAsTool>
     <ToolCommandName>security-scan</ToolCommandName>
@@ -42,10 +42,10 @@
   <ItemGroup>
     <PackageReference Include="DotNet.Glob" Version="3.1.2" />
     <PackageReference Include="Microsoft.Build.Locator" Version="1.4.1" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.2" PrivateAssets="all" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="3.8.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.Workspaces" Version="3.8.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Workspaces.MSBuild" Version="3.8.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.3" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="3.11.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.Workspaces" Version="3.11.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Workspaces.MSBuild" Version="3.11.0" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/SecurityCodeScan.Tool/Program.cs b/SecurityCodeScan.Tool/Program.cs
index 5ece38a5..d01b6a9f 100644
--- a/SecurityCodeScan.Tool/Program.cs
+++ b/SecurityCodeScan.Tool/Program.cs
@@ -26,16 +26,19 @@ namespace SecurityCodeScan.Tool
 {
     internal abstract class Runner
     {
-        protected int _count;
+        protected int _analysis_warnings = 0;
+        protected int _errors = 0;
+        protected int _warnings = 0;
+
         private List<DiagnosticAnalyzer> _analyzers;
-        protected Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, int> _logDiagnostics;
+        protected Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, (int, int, int)> _logDiagnostics;
         protected ParsedOptions _parsedOptions;
         protected ConcurrentDictionary<string, DiagnosticDescriptor> _descriptors;
         protected SarifV2ErrorLogger _logger;
 
         public Runner(
             List<DiagnosticAnalyzer> analyzers,
-            Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, int> logDiagnostics,
+            Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, (int, int, int)> logDiagnostics,
             ParsedOptions parsedOptions,
             ConcurrentDictionary<string, DiagnosticDescriptor> descriptors,
             SarifV2ErrorLogger logger)
@@ -49,16 +52,16 @@ public Runner(
 
         public abstract Task Run(Project project);
 
-        public virtual async Task<int> WaitForCompletion()
+        public virtual async Task<(int, int, int)> WaitForCompletion()
         {
-            return await Task.FromResult(_count).ConfigureAwait(false);
+            return await Task.FromResult((_analysis_warnings, _errors, _warnings)).ConfigureAwait(false);
         }
 
         protected async Task<ImmutableArray<Diagnostic>> GetDiagnostics(Project project)
         {
             var compilation = await project.GetCompilationAsync().ConfigureAwait(false);
             var compilationWithAnalyzers = compilation.WithAnalyzers(_analyzers.ToImmutableArray(), project.AnalyzerOptions);
-            return await compilationWithAnalyzers.GetAnalyzerDiagnosticsAsync().ConfigureAwait(false);
+            return await compilationWithAnalyzers.GetAllDiagnosticsAsync().ConfigureAwait(false);
         }
     }
 
@@ -69,7 +72,7 @@ internal class SingleThreadRunner : Runner
         public SingleThreadRunner(
             bool verbose,
             List<DiagnosticAnalyzer> analyzers,
-            Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, int> logDiagnostics,
+            Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, (int, int, int)> logDiagnostics,
             ParsedOptions parsedOptions,
             ConcurrentDictionary<string, DiagnosticDescriptor> descriptors,
             SarifV2ErrorLogger logger)
@@ -83,7 +86,10 @@ public override async Task Run(Project project)
             if (_verbose)
                 Console.WriteLine($"Starting: {project.FilePath}");
             var diagnostics = await GetDiagnostics(project).ConfigureAwait(false);
-            _count += _logDiagnostics(diagnostics, _parsedOptions, _descriptors, _logger);
+            (var analysisWarnings, var errors, var warnings) = _logDiagnostics(diagnostics, _parsedOptions, _descriptors, _logger);
+            _analysis_warnings += analysisWarnings;
+            _errors += errors;
+            _warnings += warnings;
         }
     }
 
@@ -95,7 +101,7 @@ internal class MultiThreadRunner : Runner
         public MultiThreadRunner(
             bool verbose,
             List<DiagnosticAnalyzer> analyzers,
-            Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, int> logDiagnostics,
+            Func<ImmutableArray<Diagnostic>, ParsedOptions, ConcurrentDictionary<string, DiagnosticDescriptor>, SarifV2ErrorLogger, (int, int, int)> logDiagnostics,
             ParsedOptions parsedOptions,
             ConcurrentDictionary<string, DiagnosticDescriptor> descriptors,
             SarifV2ErrorLogger logger,
@@ -117,7 +123,10 @@ public MultiThreadRunner(
 
             _resultsBlock = new ActionBlock<ImmutableArray<Diagnostic>>(diagnostics =>
             {
-                _count += logDiagnostics(diagnostics, _parsedOptions, descriptors, logger);
+                (var analysisWarnings, var errors, var warnings) = logDiagnostics(diagnostics, _parsedOptions, descriptors, logger);
+                _analysis_warnings += analysisWarnings;
+                _errors += errors;
+                _warnings += warnings;
             },
             new ExecutionDataflowBlockOptions
             {
@@ -135,7 +144,7 @@ public override async Task Run(Project project)
             }
         }
 
-        public override async Task<int> WaitForCompletion()
+        public override async Task<(int, int, int)> WaitForCompletion()
         {
             _scanBlock.Complete();
             await _resultsBlock.Completion.ConfigureAwait(false);
@@ -152,12 +161,15 @@ internal class ParsedOptions
         public bool shouldShowHelp = false;
         public bool verbose = false;
         public bool ignoreMsBuildErrors = false;
+        public bool ignoreCompilerErrors = false;
         public bool showBanner = true;
         public bool cwe = false;
+        public bool failOnWarning = false;
         public HashSet<string> excludeWarnings = new HashSet<string>();
         public HashSet<string> includeWarnings = new HashSet<string>();
         public List<Glob> excludeProjects = new List<Glob>();
         public List<Glob> includeProjects = new List<Glob>();
+        public string sdkPath = null;
 
         public OptionSet inputOptions = null;
 
@@ -172,7 +184,7 @@ public void Parse(string[] args)
 
                 inputOptions = new OptionSet
                 {
-                    { "<>",             "(Required) solution path", r => { solutionPath = r; } },
+                    { "<>",             "(Required) solution or project path", r => { solutionPath = r; } },
                     { "w|excl-warn=",   "(Optional) semicolon delimited list of warnings to exclude", r => { excludeWarningsList = r; } },
                     { "incl-warn=",     "(Optional) semicolon delimited list of warnings to include", r => { includeWarningsList = r; } },
                     { "p|excl-proj=",   "(Optional) semicolon delimited list of glob project patterns to exclude", r => { excludeProjectsList = r; } },
@@ -181,9 +193,12 @@ public void Parse(string[] args)
                     { "c|config=",      "(Optional) path to additional configuration file", r => { config = r; } },
                     { "cwe",            "(Optional) show CWE IDs", r => { cwe = r != null; } },
                     { "t|threads=",     "(Optional) run analysis in parallel (experimental)", (int r) => { threads = r; } },
+                    { "sdk-path=",      "(Optional) Path to .NET SDK to use.",  r => { sdkPath = r; } },
+                    { "ignore-msbuild-errors", "(Optional) Don't stop on MSBuild errors", r => { ignoreMsBuildErrors = r != null; } },
+                    { "ignore-compiler-errors", "(Optional) Don't exit with non-zero code on compilation errors", r => { ignoreCompilerErrors = r != null; } },
+                    { "f|fail-any-warn","(Optional) fail on security warnings with non-zero exit code", r => { failOnWarning = r != null; } },
                     { "n|no-banner",    "(Optional) don't show the banner", r => { showBanner = r == null; } },
                     { "v|verbose",      "(Optional) more diagnostic messages", r => { verbose = r != null; } },
-                    { "ignore-msbuild-errors", "(Optional) Don't stop on MSBuild errors", r => { ignoreMsBuildErrors = r != null; } },
                     { "h|?|help",       "show this message and exit", h => shouldShowHelp = h != null },
                 };
 
@@ -217,6 +232,8 @@ void SplitBy<T>(bool toUpper, char separator, ICollection<T> outContainer, strin
 
     internal class Program
     {
+        private static readonly Regex ProjRegex = new Regex(@"^.*'([^']+\.[a-z]+)'.*$", RegexOptions.Compiled);
+
         private static async Task<int> Main(string[] args)
         {
             Console.OutputEncoding = Encoding.UTF8;
@@ -255,43 +272,137 @@ private static async Task<int> Main(string[] args)
                 Console.WriteLine("\nUsage:\n");
                 parsedOptions.inputOptions.WriteOptionDescriptions(Console.Out);
                 Console.WriteLine("\nExample:\n");
-                Console.WriteLine($"  {name} my.sln --excl-proj=**/*Test*/** --export=out.sarif --excl-warn=SCS1234;SCS2345 --config=setting.yml");
+                Console.WriteLine($"  {name} my.sln/my.csproj --excl-proj=**/*Test*/** --export=out.sarif --excl-warn=SCS1234;SCS2345 --config=setting.yml");
                 return 1;
             }
 
             var returnCode = 0;
 
             // Attempt to set the version of MSBuild.
-            var visualStudioInstances = MSBuildLocator.QueryVisualStudioInstances().ToArray();
-            var instance = visualStudioInstances.OrderByDescending(x => x.Version).FirstOrDefault();
-            if (instance != null)
+            if (parsedOptions.sdkPath != null)
             {
-                if (parsedOptions.verbose)
-                    Console.WriteLine($"Using MSBuild at '{instance.MSBuildPath}' to load projects.");
-                MSBuildLocator.RegisterInstance(instance);
+                void ApplyDotNetSdkEnvironmentVariables(string dotNetSdkPath)
+                {
+                    const string MSBUILD_EXE_PATH = nameof(MSBUILD_EXE_PATH);
+                    const string MSBuildExtensionsPath = nameof(MSBuildExtensionsPath);
+                    const string MSBuildSDKsPath = nameof(MSBuildSDKsPath);
+
+                    var variables = new Dictionary<string, string>
+                    {
+                        [MSBUILD_EXE_PATH] = Path.Combine(dotNetSdkPath, "MSBuild.dll"),
+                        [MSBuildExtensionsPath] = dotNetSdkPath,
+                        [MSBuildSDKsPath] = Path.Combine(dotNetSdkPath, "Sdks")
+                    };
+
+                    foreach (var kvp in variables)
+                    {
+                        Environment.SetEnvironmentVariable(kvp.Key, kvp.Value);
+                    }
+                }
+                ApplyDotNetSdkEnvironmentVariables(parsedOptions.sdkPath);
+                // Find and load NuGet assemblies if msbuildPath is in a VS installation
+                string nugetPath = Path.GetFullPath(Path.Combine(parsedOptions.sdkPath, "..", "..", "..", "Common7", "IDE", "CommonExtensions", "Microsoft", "NuGet"));
+                if (Directory.Exists(nugetPath))
+                {
+                    MSBuildLocator.RegisterMSBuildPath(new string[] { parsedOptions.sdkPath, nugetPath });
+                }
+                else
+                {
+                    MSBuildLocator.RegisterMSBuildPath(parsedOptions.sdkPath);
+                }
+            }
+            else
+            {
+                var visualStudioInstances = MSBuildLocator.QueryVisualStudioInstances().ToArray();
+                var instance = visualStudioInstances.OrderByDescending(x => x.Version).FirstOrDefault();
+                if (instance != null)
+                {
+                    if (parsedOptions.verbose)
+                        Console.WriteLine($"Using MSBuild at '{instance.MSBuildPath}' to load projects.");
+                    MSBuildLocator.RegisterInstance(instance);
+                }
+                else
+                {
+                    Console.WriteLine($"Failed to find MSBuild path. Try specifying `sdk-path=` as a command line parameter.");
+                    return 1;
+                }
             }
 
             var properties = new Dictionary<string, string>() { { "AdditionalFileItemNames", "$(AdditionalFileItemNames);Content" } };
 
+            var solutionDirectory = Path.GetDirectoryName(parsedOptions.solutionPath) + Path.DirectorySeparatorChar;
+
             using (var workspace = MSBuildWorkspace.Create(properties))
             {
                 // Print message for WorkspaceFailed event to help diagnosing project load failures.
                 workspace.WorkspaceFailed += (o, e) =>
                 {
+                    if (e.Diagnostic.Message.Contains(".shproj") || e.Diagnostic.Message.Contains(".sqlproj") || e.Diagnostic.Message.Contains(".fsproj"))
+                    {
+                        return;
+                    }
+
                     var kind = e.Diagnostic.Kind;
 
                     if (kind == WorkspaceDiagnosticKind.Warning && !parsedOptions.verbose)
                         return;
 
+                    var match = ProjRegex.Matches(e.Diagnostic.Message);
+                    if (match.Count == 1)
+                    {
+                        var path = match[0].Groups[1].Value;
+                        if (path.StartsWith(solutionDirectory))
+                            path = match[0].Groups[1].Value.Remove(0, solutionDirectory.Length);
+
+                        if ((parsedOptions.includeProjects.Any() && !parsedOptions.includeProjects.Any(x => x.IsMatch(path))) ||
+                            parsedOptions.excludeProjects.Any(x => x.IsMatch(path)))
+                        {
+                            return;
+                        }
+                    }
+
                     LogError(kind == WorkspaceDiagnosticKind.Failure, e.Diagnostic.Message);
 
                     if (kind == WorkspaceDiagnosticKind.Failure && !parsedOptions.ignoreMsBuildErrors)
                         returnCode = 2;
                 };
 
-                Console.WriteLine($"Loading solution '{parsedOptions.solutionPath}'");
-                // Attach progress reporter so we print projects as they are loaded.
-                var solution = await workspace.OpenSolutionAsync(parsedOptions.solutionPath, new ConsoleProgressReporter(parsedOptions.verbose)).ConfigureAwait(false);
+                List<Project> projects;
+                if (parsedOptions.solutionPath.EndsWith(".sln"))
+                {
+                    Console.WriteLine($"Loading solution '{parsedOptions.solutionPath}'");
+                    // Attach progress reporter so we print projects as they are loaded.
+                    var solution = await workspace.OpenSolutionAsync(parsedOptions.solutionPath, new ConsoleProgressReporter(parsedOptions.verbose)).ConfigureAwait(false);
+                    projects = new List<Project>(solution.Projects.Count());
+
+                    foreach (var project in solution.Projects)
+                    {
+                        if (project.FilePath.EndsWith(".shproj") || project.FilePath.EndsWith(".sqlproj") || project.FilePath.EndsWith(".fsproj"))
+                        {
+                            Console.WriteLine($"Skipped: {project.FilePath} excluded from analysis");
+                            continue;
+                        }
+
+                        var path = project.FilePath;
+                        if (path.StartsWith(solutionDirectory))
+                            path = path.Remove(0, solutionDirectory.Length);
+
+                        if ((parsedOptions.includeProjects.Any() && !parsedOptions.includeProjects.Any(x => x.IsMatch(path))) ||
+                            parsedOptions.excludeProjects.Any(x => x.IsMatch(path)))
+                        {
+                            Console.WriteLine($"Skipped: {project.FilePath} excluded from analysis");
+                            continue;
+                        }
+
+                        projects.Add(project);
+                    }
+                }
+                else
+                {
+                    // Attach progress reporter so we print projects as they are loaded.
+                    projects = new List<Project>() { await workspace.OpenProjectAsync(parsedOptions.solutionPath, new ConsoleProgressReporter(parsedOptions.verbose)).ConfigureAwait(false) };
+                }
+
                 Console.WriteLine($"Finished loading solution '{parsedOptions.solutionPath}'");
                 if (returnCode != 0)
                     return returnCode;
@@ -299,11 +410,26 @@ private static async Task<int> Main(string[] args)
                 var analyzers = new List<DiagnosticAnalyzer>();
                 LoadAnalyzers(parsedOptions, analyzers);
 
-                var count = await GetDiagnostics(parsedOptions, versionString, solution, analyzers).ConfigureAwait(false);
+                (var count, var errors, _) = await GetDiagnostics(parsedOptions, versionString, projects, analyzers).ConfigureAwait(false);
 
                 var elapsed = DateTime.Now - startTime;
-                Console.WriteLine($@"Completed in {elapsed:hh\:mm\:ss}");
-                Console.WriteLine($@"{count} warnings");
+                if (parsedOptions.verbose)
+                    Console.WriteLine($@"Completed in {elapsed:hh\:mm\:ss}");
+                Console.WriteLine($@"Found {count} security issues.");
+
+                if (errors > 0 && !parsedOptions.ignoreCompilerErrors)
+                {
+                    if (parsedOptions.verbose)
+                        Console.WriteLine($@"Exiting with 2 due to compilation errors.");
+                    return 2;
+                }
+
+                if (parsedOptions.failOnWarning && count > 0)
+                {
+                    if (parsedOptions.verbose)
+                        Console.WriteLine($@"Exiting with 1 due to warnings.");
+                    return 1;
+                }
 
                 return 0;
             }
@@ -320,10 +446,10 @@ private static void LogError(bool error, string msg)
             Console.ForegroundColor = ConsoleColor.White;
         }
 
-        private static async Task<int> GetDiagnostics(
+        private static async Task<(int, int, int)> GetDiagnostics(
             ParsedOptions parsedOptions,
             string versionString,
-            Solution solution,
+            IEnumerable<Project> projects,
             List<DiagnosticAnalyzer> analyzers)
         {
             Stream stream = null;
@@ -358,22 +484,8 @@ private static async Task<int> GetDiagnostics(
                         runner = new SingleThreadRunner(parsedOptions.verbose, analyzers, LogDiagnostics, parsedOptions, descriptors, logger);
                     }
 
-                    var solutionPath = Path.GetDirectoryName(solution.FilePath) + Path.DirectorySeparatorChar;
-                    foreach (var project in solution.Projects)
+                    foreach (var project in projects)
                     {
-                        var projectPath = project.FilePath;
-                        if (projectPath.StartsWith(solutionPath))
-                            projectPath = projectPath.Remove(0, solutionPath.Length);
-
-
-
-                        if ((parsedOptions.includeProjects.Any() && !parsedOptions.includeProjects.Any(x => x.IsMatch(projectPath))) ||
-                            parsedOptions.excludeProjects.Any(x => x.IsMatch(projectPath)))
-                        {
-                            Console.WriteLine($"Skipped: {project.FilePath} excluded from analysis");
-                            continue;
-                        }
-
                         await runner.Run(project).ConfigureAwait(false);
                     }
 
@@ -421,17 +533,33 @@ private static void LoadAnalyzers(ParsedOptions parsedOptions, List<DiagnosticAn
             }
         }
 
-        private static int LogDiagnostics(
+        private static (int, int, int) LogDiagnostics(
             ImmutableArray<Diagnostic> diagnostics,
             ParsedOptions parsedOptions,
             ConcurrentDictionary<string, DiagnosticDescriptor> descriptors,
             SarifV2ErrorLogger logger)
         {
-            var count = 0;
+            var analysis_issues = 0;
+            var errors = 0;
+            var warnings = 0;
 
             foreach (var diag in diagnostics)
             {
                 var d = diag;
+                if (d.Severity == DiagnosticSeverity.Hidden || d.Severity == DiagnosticSeverity.Info)
+                    continue;
+
+                if (!d.Id.StartsWith("SCS"))
+                {
+                    LogError(d.Severity == DiagnosticSeverity.Error, d.ToString());
+                    if (d.Severity == DiagnosticSeverity.Error)
+                        ++errors;
+                    else
+                        ++warnings;
+
+                    continue;
+                }
+
                 // Second pass. Analyzers may support more than one diagnostic.
                 // Filter excluded diagnostics.
                 if (parsedOptions.excludeWarnings.Contains(d.Id))
@@ -439,7 +567,7 @@ private static int LogDiagnostics(
                 else if (parsedOptions.includeWarnings.Any() && !parsedOptions.includeWarnings.Contains(d.Id))
                     continue;
 
-                ++count;
+                ++analysis_issues;
 
                 // fix locations for diagnostics from additional files
                 if (d.Location == Location.None)
@@ -472,18 +600,18 @@ private static int LogDiagnostics(
                         msg = msg.Replace($"{d.Id}:", $"{d.Id}: CWE-{cwe}:");
                     }
 
-                    Console.WriteLine($"Found: {msg}");
+                    Console.WriteLine(msg);
                 }
                 else
                 {
-                    Console.WriteLine($"Found: {d}");
+                    Console.WriteLine(d.ToString());
                 }
 
                 if (logger != null)
                     logger.LogDiagnostic(d, null);
             }
 
-            return count;
+            return (analysis_issues, errors, warnings);
         }
 
         private static readonly Regex WebConfigMessageRegex = new Regex(@"(.*) in (.*)\((\d+)\): (.*)", RegexOptions.Compiled);
diff --git a/SecurityCodeScan.Tool/SarifV2ErrorLogger.cs b/SecurityCodeScan.Tool/SarifV2ErrorLogger.cs
index cff31523..264ca448 100644
--- a/SecurityCodeScan.Tool/SarifV2ErrorLogger.cs
+++ b/SecurityCodeScan.Tool/SarifV2ErrorLogger.cs
@@ -17,7 +17,7 @@ namespace Microsoft.CodeAnalysis
 {
     public static class AttributeDataExtensions
     {
-        public static T? DecodeNamedArgument<T>(this AttributeData data, string name, SpecialType specialType, T? defaultValue = default)
+        public static T DecodeNamedArgument<T>(this AttributeData data, string name, SpecialType specialType, T defaultValue = default)
         {
             var namedArguments = data.NamedArguments;
             int index = IndexOfNamedArgument(namedArguments, name);
@@ -43,9 +43,9 @@ private static int IndexOfNamedArgument(ImmutableArray<KeyValuePair<string, Type
 
     public static class TypedConstantExtensions
     {
-        public static T? DecodeValue<T>(this TypedConstant c, SpecialType specialType)
+        public static T DecodeValue<T>(this TypedConstant c, SpecialType specialType)
         {
-            c.TryDecodeValue(specialType, out T? value);
+            c.TryDecodeValue(specialType, out T value);
             return value;
         }
 
diff --git a/SecurityCodeScan/Analyzers/Taint/TaintAnalyzer.cs b/SecurityCodeScan/Analyzers/Taint/TaintAnalyzer.cs
index 4c2857dc..3aafcf24 100644
--- a/SecurityCodeScan/Analyzers/Taint/TaintAnalyzer.cs
+++ b/SecurityCodeScan/Analyzers/Taint/TaintAnalyzer.cs
@@ -137,6 +137,10 @@ public abstract class TaintAnalyzer : DiagnosticAnalyzer
 
         public override void Initialize(AnalysisContext context)
         {
+            //// uncomment for debugging visual studio extension
+            //if (!Debugger.IsAttached)
+            //    Debugger.Launch();
+
             if (!Debugger.IsAttached) // prefer single thread for debugging in development
                 context.EnableConcurrentExecution();
 
diff --git a/SecurityCodeScan/SecurityCodeScan.csproj b/SecurityCodeScan/SecurityCodeScan.csproj
index bb879f00..f67c381f 100644
--- a/SecurityCodeScan/SecurityCodeScan.csproj
+++ b/SecurityCodeScan/SecurityCodeScan.csproj
@@ -23,12 +23,12 @@
   
   <ItemGroup>
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.2">
+    <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.3">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="3.8.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic" Version="3.8.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="3.11.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic" Version="3.11.0" />
     <PackageReference Include="MSBuild.AssemblyVersion" Version="1.3.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -58,7 +58,7 @@
     <GetAssemblyIdentity AssemblyFiles="$(OutDir)\$(AssemblyName).dll">
       <Output TaskParameter="Assemblies" ItemName="AnalyzerAssemblyInfo" />
     </GetAssemblyIdentity>
-    <Exec Command="$(SolutionDir)nuget.exe pack Diagnostic.nuspec -NoPackageAnalysis -Version %(AnalyzerAssemblyInfo.Version) -Properties repositoryCommit=$(SourceRevisionId) -OutputDirectory ." WorkingDirectory="$(OutDir)" LogStandardErrorAsError="true" ConsoleToMSBuild="true">
+    <Exec Command="nuget pack Diagnostic.nuspec -NoPackageAnalysis -Version %(AnalyzerAssemblyInfo.Version) -Properties repositoryCommit=$(SourceRevisionId) -OutputDirectory ." WorkingDirectory="$(OutDir)" LogStandardErrorAsError="true" ConsoleToMSBuild="true">
       <Output TaskParameter="ConsoleOutput" PropertyName="OutputOfExec" />
     </Exec>
   </Target>
@@ -70,9 +70,9 @@
   <Import Project="..\Roslyn\Workspaces\Workspaces.Utilities.projitems" Label="Shared" />
 
   <ItemGroup>
-    <PackageReference Update="Microsoft.CodeAnalysis" Version="3.8.0" />
-    <PackageReference Update="Microsoft.CodeAnalysis.Common" Version="3.8.0" />
-    <PackageReference Update="Microsoft.CodeAnalysis.Workspaces.Common" Version="3.8.0" />
+    <PackageReference Update="Microsoft.CodeAnalysis" Version="3.11.0" />
+    <PackageReference Update="Microsoft.CodeAnalysis.Common" Version="3.11.0" />
+    <PackageReference Update="Microsoft.CodeAnalysis.Workspaces.Common" Version="3.11.0" />
   </ItemGroup>
 
 </Project>
diff --git a/SecurityCodeScan/app.config b/SecurityCodeScan/app.config
deleted file mode 100644
index a400386c..00000000
--- a/SecurityCodeScan/app.config
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <runtime>
-    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-      <dependentAssembly>
-        <assemblyIdentity name="Microsoft.CodeAnalysis" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.3.1.0" newVersion="1.3.1.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="Microsoft.CodeAnalysis.CSharp" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.3.1.0" newVersion="1.3.1.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Collections.Immutable" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.1.37.0" newVersion="1.1.37.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Reflection.Metadata" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.2.0.0" newVersion="1.2.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="Microsoft.CodeAnalysis.Workspaces" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.3.1.0" newVersion="1.3.1.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="Microsoft.CodeAnalysis.VisualBasic" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.3.1.0" newVersion="1.3.1.0" />
-      </dependentAssembly>
-    </assemblyBinding>
-  </runtime>
-</configuration>
\ No newline at end of file
diff --git a/website/releasenotes.md b/website/releasenotes.md
index f4d4109c..6df70cf7 100644
--- a/website/releasenotes.md
+++ b/website/releasenotes.md
@@ -1,7 +1,32 @@
 # Release Notes
 
+## 5.6.7
+* sln were not analyzed by standalone tool fix by [@matteo-tosi](https://github.com/matteo-tosi) in [#262](https://github.com/security-code-scan/security-code-scan/pull/262)
+* added --sdk-path parameter
+
+**[Full Changelog](https://github.com/security-code-scan/security-code-scan/compare/5.6.6…5.6.7)**
+
+## 5.6.6
+* Fixed [#258](https://github.com/security-code-scan/security-code-scan/issues/258) "Standalone scanner throws exception: 'ProjectName' is already part of the workspace"
+
+**[Full Changelog](https://github.com/security-code-scan/security-code-scan/compare/5.6.5…5.6.6)**
+
+## 5.6.5
+* Fixed [#257](https://github.com/security-code-scan/security-code-scan/issues/257) "Exception on solution that contains a `Solution Items` section"
+
+## 5.6.4
+* Support running dotnet tool against a single project
+* Better filtering by projects in the dotnet tool
+* [#246](https://github.com/security-code-scan/security-code-scan/issues/246) Package security-scan is not compatible with netcoreapp3.1
+
+## 5.6.3
+* [#248](https://github.com/security-code-scan/security-code-scan/pull/248) Be able to exit with non-zero error code when warnings are found
+
+## 5.6.2
+* Blue-yellow edition in support of Ukraine.
+
 ## 5.6.1
-* Fixed #239 "Adding custom sanitizers to a config file in stand-alone runner".
+* Fixed [#239](https://github.com/security-code-scan/security-code-scan/issues/239) "Adding custom sanitizers to a config file in stand-alone runner".
 
 ## 5.6.0
 * Added support for .NET 6.0 and VS2022