diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..bfe8a14
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: "41 22 * * 2"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ csharp ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/dotnet-desktop.yml b/.github/workflows/dotnet-desktop.yml
index 4a692a0..dd0ca7c 100644
--- a/.github/workflows/dotnet-desktop.yml
+++ b/.github/workflows/dotnet-desktop.yml
@@ -6,6 +6,11 @@ jobs:
   build:
     runs-on: windows-latest
     steps:
+    - id: signtool
+      name: Find signtool.exe
+      shell: cmd
+      run: where /f /r "%programfiles(x86)%\windows kits\10\bin" signtool.exe|for /f "delims=" %%s in ('find "\x64\"') do @echo signtool=%%s > %GITHUB_OUTPUT%
+      
     - name: Checkout
       uses: actions/checkout@v3
       with:
@@ -15,36 +20,19 @@ jobs:
     - name: Install .NET Core
       uses: actions/setup-dotnet@v3
       with:
-        dotnet-version: 6.0.x
-    - uses: actions/cache@v3
-      with:
-        path: ~/.nuget/packages
-        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
-        restore-keys: |
-          ${{ runner.os }}-nuget-
+        dotnet-version: 7.0.x
   
-    - name: Build the application
-      run: dotnet build -c Release --verbosity quiet
+    - name: Build and test the application
+      shell: cmd
+      run: |
+        dotnet test --nologo --verbosity minimal --collect:"XPlat Code Coverage" --settings coverlet.runsettings -c Release --results-directory coverage
+        for /r coverage %%f in (coverage.*) do @move %%f lcov.info
 
-    - name : coverlet
-      uses: b3b00/coverlet-action@11.9
-      with:
-        testProject: 'Tests/Tests.csproj'
-        output: 'lcov.info'
-        outputFormat: 'lcov'
-        excludes: '[test]test.*'
     - name: Upload coverage report
       uses: coverallsapp/github-action@1.1.3
       with:
         github-token: ${{secrets.GITHUB_TOKEN }} 
-        path-to-lcov: Tests/lcov.info
-
-    # Decode the base 64 encoded pfx and save the Signing_Certificate
-    - name: Decode the pfx
-      run: |
-        $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.DIGICERT_PFX }}")
-        $certificatePath = Join-Path -Path . -ChildPath GitHubActionsWorkflow.pfx
-        [IO.File]::WriteAllBytes("$certificatePath", $pfx_cert_byte)
+        path-to-lcov: lcov.info
 
     - name: Publish
       run: |
@@ -52,12 +40,18 @@ jobs:
         dotnet publish RepopulatorCli/RepopulatorCli.csproj -o RepopulatorCli-lin-x64 -c Release -p:PublishReadyToRun=false -p:PublishSingleFile=true -p:PublishTrimmed=false --self-contained true -r linux-x64
         dotnet publish TemplateBuilder/TemplateBuilder.csproj -o template-builder -c Release -p:PublishSingleFile=true --self-contained true -r win-x64
       
-    - name: Sign
+    # Decode the base 64 encoded pfx and save the Signing_Certificate
+    - name: Decode the pfx
+      run: '[IO.File]::WriteAllBytes((Join-Path -Path . -ChildPath GitHubActionsWorkflow.pfx), [System.Convert]::FromBase64String("${{ secrets.DIGICERT_PFX }}"))'
+    - name: Sign, delete signing key and compress results
       shell: cmd
       run: |
-        "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" Sign /f GitHubActionsWorkflow.pfx /p ${{ secrets.DIGICERT_PASSWORD }} /fd sha256 /tr http://timestamp.digicert.com /td sha256 RepopulatorCli-win-x64/RepopulatorCli.exe template-builder/TemplateBuilder.exe template-builder/TypeGuesser.dll template-builder/Repopulator.dll template-builder/Fansi*.dll template-builder/BadMedicine*.dll template-builder/DicomTypeTranslation.dll
-        md dist
-        powershell.exe -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::CreateFromDirectory('RepopulatorCli-win-x64', 'dist/RepopulatorCli-win-x64.zip');  [IO.Compression.ZipFile]::CreateFromDirectory('RepopulatorCli-lin-x64', 'dist/RepopulatorCli-lin-x64.zip');  [IO.Compression.ZipFile]::CreateFromDirectory('template-builder', 'dist/template-builder.zip'); }"
+        ${{steps.signtool.outputs.signtool}} Sign /f GitHubActionsWorkflow.pfx /p ${{ secrets.DIGICERT_PASSWORD }} /fd sha256 /tr http://timestamp.digicert.com /td sha256 RepopulatorCli-win-x64/RepopulatorCli.exe template-builder/TemplateBuilder.exe
+        del GitHubActionsWorkflow.pfx
+        mkdir -p dist
+        7z a -bd -mx=9 -mmt dist/RepopulatorCli-win-x64.zip RepopulatorCli-win-x64
+        7z a -bd -mx=9 -mmt dist/RepopulatorCli-lin-x64.zip RepopulatorCli-lin-x64
+        7z a -bd -mx=9 -mmt dist/template-builder.zip template-builder
 
     - name: Archive production artifacts
       uses: actions/upload-artifact@v3
@@ -67,8 +61,6 @@ jobs:
           dist
 
     # Remove the pfx
-    - name: Remove the pfx
-      run: Remove-Item -path GitHubActionsWorkflow.pfx
     - name: Upload binaries to release
       uses: svenstaro/upload-release-action@v2
       if: contains(github.ref, 'refs/tags/v')
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7ab3fa..7958a40 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.2.2] - 2022-12-17
+
+- Fix Authenticode signing of Windows exe files
+- Build on .Net 7.0 rather than 6.0
+
 ## [2.2.1] - 2022-11-21
 
 - Bump CsvHelper from 27.2.1 to 30.0.1
diff --git a/Repopulator/Repopulator.csproj b/Repopulator/Repopulator.csproj
index a2b4dbd..8a8a796 100644
--- a/Repopulator/Repopulator.csproj
+++ b/Repopulator/Repopulator.csproj
@@ -1,11 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <ProjectGuid>3b0e5ac1-5439-470c-832d-7de566b22cd8</ProjectGuid>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net7.0</TargetFramework>
     <AssemblyTitle>Repopulator</AssemblyTitle>
     <Product>Repopulator</Product>
     <Copyright>Copyright ©  2019</Copyright>
-    <DebugType>full</DebugType>
+    <DebugType>embedded</DebugType>
   </PropertyGroup>
   <PropertyGroup>
     <LangVersion>9.0</LangVersion>
diff --git a/RepopulatorCli/RepopulatorCli.csproj b/RepopulatorCli/RepopulatorCli.csproj
index 63f1c0c..3897ee7 100644
--- a/RepopulatorCli/RepopulatorCli.csproj
+++ b/RepopulatorCli/RepopulatorCli.csproj
@@ -2,9 +2,9 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net7.0</TargetFramework>
     <AssemblyName>RepopulatorCli</AssemblyName>
-    <DebugType>full</DebugType>
+    <DebugType>embedded</DebugType>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/SharedAssemblyInfo.cs b/SharedAssemblyInfo.cs
index 0f51e2c..3125316 100644
--- a/SharedAssemblyInfo.cs
+++ b/SharedAssemblyInfo.cs
@@ -7,6 +7,6 @@
 [assembly: AssemblyCulture("")]
 
 // These should be replaced with correct values by the release process
-[assembly: AssemblyVersion("2.2.1")]
-[assembly: AssemblyFileVersion("2.2.1")]
-[assembly: AssemblyInformationalVersion("2.2.1")]
+[assembly: AssemblyVersion("2.2.2")]
+[assembly: AssemblyFileVersion("2.2.2")]
+[assembly: AssemblyInformationalVersion("2.2.2")]
diff --git a/TemplateBuilder/TemplateBuilder.csproj b/TemplateBuilder/TemplateBuilder.csproj
index fced2d7..c1ee945 100644
--- a/TemplateBuilder/TemplateBuilder.csproj
+++ b/TemplateBuilder/TemplateBuilder.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net6.0-windows</TargetFramework>
+    <TargetFramework>net7.0-windows</TargetFramework>
     <OutputType>WinExe</OutputType>
     <SelfContained>true</SelfContained>
     <RuntimeIdentifier>win-x64</RuntimeIdentifier>
@@ -10,8 +10,9 @@
     <UseWindowsForms>true</UseWindowsForms>
     <Prefer32Bit>false</Prefer32Bit>
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <DebugType>full</DebugType>
+    <DebugType>embedded</DebugType>
     <GenerateResourceUsePreserializedResources>true</GenerateResourceUsePreserializedResources>
+    <EnableWindowsTargeting>true</EnableWindowsTargeting>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <PlatformTarget>AnyCPU</PlatformTarget>
diff --git a/Tests/Tests.csproj b/Tests/Tests.csproj
index df6e7f0..543aa29 100644
--- a/Tests/Tests.csproj
+++ b/Tests/Tests.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <ProjectGuid>{66EED857-25C6-4FF9-967A-333CB151DF0B}</ProjectGuid>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net7.0</TargetFramework>
     <ProjectTypeGuids>{3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
     <ReferencePath>$(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages</ReferencePath>
@@ -16,12 +16,12 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <ItemGroup>
-    <PackageReference Include="coverlet.msbuild" Version="3.2.0">
+    <PackageReference Include="coverlet.collector" Version="3.2.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="HIC.DicomTypeTranslation" Version="4.0.1" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
     <PackageReference Include="NUnit" Version="3.13.3" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.3.1">
       <PrivateAssets>all</PrivateAssets>
diff --git a/coverlet.runsettings b/coverlet.runsettings
new file mode 100644
index 0000000..ef5d958
--- /dev/null
+++ b/coverlet.runsettings
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<RunSettings>
+  <DataCollectionRunSettings>
+    <DataCollectors>
+      <DataCollector friendlyName="XPlat code coverage">
+        <Configuration>
+          <Format>lcov</Format>          
+          <ExcludeByAttribute>Obsolete,GeneratedCodeAttribute,CompilerGeneratedAttribute</ExcludeByAttribute>          
+          <SingleHit>false</SingleHit>
+          <UseSourceLink>true</UseSourceLink>
+          <IncludeTestAssembly>false</IncludeTestAssembly>
+          <SkipAutoProps>true</SkipAutoProps>
+          <DeterministicReport>false</DeterministicReport>
+          <ExcludeAssembliesWithoutSources>MissingAll</ExcludeAssembliesWithoutSources>
+        </Configuration>
+      </DataCollector>
+    </DataCollectors>
+  </DataCollectionRunSettings>
+</RunSettings>
\ No newline at end of file