diff --git a/.semgrepignore b/.semgrepignore
index ac7191dd2..0290a76ab 100644
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -1 +1,2 @@
-testapps/
\ No newline at end of file
+testapps/
+test/
\ No newline at end of file
diff --git a/src/AWS.Deploy.DockerEngine/DockerFile.cs b/src/AWS.Deploy.DockerEngine/DockerFile.cs
index c595bc868..bd2737f42 100644
--- a/src/AWS.Deploy.DockerEngine/DockerFile.cs
+++ b/src/AWS.Deploy.DockerEngine/DockerFile.cs
@@ -79,6 +79,9 @@ public void WriteDockerFile(string projectDirectory, List? projectList)
 .Replace("{project-name}", _projectName)
 .Replace("{assembly-name}", _assemblyName);
+ // ProjectDefinitionParser will have transformed projectDirectory to an absolute path,
+ // and DockerFileName is static so traversal should not be possible here.
+ // nosemgrep: csharp.lang.security.filesystem.unsafe-path-combine.unsafe-path-combine
 File.WriteAllText(Path.Combine(projectDirectory, DockerFileName), dockerFile);
 }
 }
diff --git a/src/AWS.Deploy.Orchestration/Data/AWSResourceQueryer.cs b/src/AWS.Deploy.Orchestration/Data/AWSResourceQueryer.cs
index e9c3b8f2f..2c6b7bbf4 100644
--- a/src/AWS.Deploy.Orchestration/Data/AWSResourceQueryer.cs
+++ b/src/AWS.Deploy.Orchestration/Data/AWSResourceQueryer.cs
@@ -449,6 +449,8 @@ public async Task CreateEC2KeyPair(string keyName, string saveLocation)
 var response = await HandleException(async () => await ec2Client.CreateKeyPairAsync(request), "Error attempting to create EC2 key pair");
+ // We're creating the key pair at a user-defined location, and want to support relative paths
+ // nosemgrep: csharp.lang.security.filesystem.unsafe-path-combine.unsafe-path-combine
 await File.WriteAllTextAsync(Path.Combine(saveLocation, $"{keyName}.pem"), response.KeyPair.KeyMaterial);
 return response.KeyPair.KeyName;
diff --git a/test/AWS.Deploy.CLI.Common.UnitTests/AWS.Deploy.CLI.Common.UnitTests.csproj b/test/AWS.Deploy.CLI.Common.UnitTests/AWS.Deploy.CLI.Common.UnitTests.csproj
index 6359e7d9a..04556a69d 100644
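Review bot: In DockerFile.cs the suppression above `File.WriteAllText(Path.Combine(projectDirectory, DockerFileName), dockerFile)` leans on an invariant that nothing at this call site checks: the comment says ProjectDefinitionParser has already made `projectDirectory` absolute, but that code is not visible here and WriteDockerFile is public. What answers the unsafe-path-combine finding is the second argument being a fixed name (as the comment states; its declaration is outside the hunk), so the comment would be more accurate as `// DockerFileName is a constant file name, so Path.Combine cannot be redirected by its second argument.` If the absolute-path assumption is meant to hold, asserting it next to the write keeps the suppression honest, e.g. `Debug.Assert(Path.IsPathRooted(projectDirectory));`. WriteDockerFile's body starts outside the hunk.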
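Review bot: In AWSResourceQueryer.cs the justification covers `saveLocation` only, while `keyName` is the second argument to `Path.Combine(saveLocation, $"{keyName}.pem")` and is the value that can redirect the write: a rooted name discards `saveLocation`, and a name containing separators or `..` leaves it. Nothing visible in the hunk constrains `keyName`, so I would reject such names before the CreateKeyPairAsync call, e.g. `if (keyName != Path.GetFileName(keyName)) throw new ArgumentException("Key pair name must not contain path separators.", nameof(keyName));`, and keep the suppression only once that check exists. Separately, the private key is written with default file permissions and replaces any existing file of the same name; restricting the .pem to the current user is worth considering. CreateEC2KeyPair's body starts and ends outside the hunk.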
--- a/test/AWS.Deploy.CLI.Common.UnitTests/AWS.Deploy.CLI.Common.UnitTests.csproj
+++ b/test/AWS.Deploy.CLI.Common.UnitTests/AWS.Deploy.CLI.Common.UnitTests.csproj
@@ -1,4 +1,4 @@ - + net6.0
@@ -33,8 +33,6 @@ - -
diff --git a/test/AWS.Deploy.CLI.UnitTests/Utilities/MockPaginatedEnumerable.cs b/test/AWS.Deploy.CLI.UnitTests/Utilities/MockPaginatedEnumerable.cs
index ce7d1b48e..4865a6688 100644
--- a/test/AWS.Deploy.CLI.UnitTests/Utilities/MockPaginatedEnumerable.cs
+++ b/test/AWS.Deploy.CLI.UnitTests/Utilities/MockPaginatedEnumerable.cs
@@ -20,10 +20,10 @@ public MockPaginatedEnumerable(T[] data)
 public IAsyncEnumerator GetAsyncEnumerator(CancellationToken cancellationToken = default)
 {
- return new MockAsyncEnumerator(_data);
+ return new MockAsyncEnumerator(_data);
 }
- class MockAsyncEnumerator : IAsyncEnumerator
+ class MockAsyncEnumerator : IAsyncEnumerator
 {
 readonly T[] _data;
 int _position;
diff --git a/version.json b/version.json
index b8e389cc8..d8b1ee321 100644
--- a/version.json
+++ b/version.json
@@ -1,6 +1,6 @@
 {
 "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
- "version": "1.8",
+ "version": "1.9",
 "publicReleaseRefSpec": [
 ".*"
 ],