diff --git a/security_tools/redhat_tools/rpm-to-cve.xml b/security_tools/redhat_tools/data/rpm-to-cve.xml
similarity index 100%
rename from security_tools/redhat_tools/rpm-to-cve.xml
rename to security_tools/redhat_tools/data/rpm-to-cve.xml
diff --git a/security_tools/redhat_tools/rhel_rpm_to_cve.rb b/security_tools/redhat_tools/rhel_rpm_to_cve.rb
index a592be2..1a9ab76 100644
--- a/security_tools/redhat_tools/rhel_rpm_to_cve.rb
+++ b/security_tools/redhat_tools/rhel_rpm_to_cve.rb
@@ -1,4 +1,7 @@
 # frozen_string_literal: true
+# this is meant to parse and query data in redhat linux rpm-to-cve.xml file 
+# that is posted on their security API.
+# Reference: https://www.redhat.com/security/data/metrics/
 
 require 'ox'
 require 'json'
diff --git a/security_tools/redhat_tools/rpm_pkg_audit.rb b/security_tools/redhat_tools/rpm_pkg_audit.rb
index 1ac6129..378febf 100755
--- a/security_tools/redhat_tools/rpm_pkg_audit.rb
+++ b/security_tools/redhat_tools/rpm_pkg_audit.rb
@@ -9,7 +9,7 @@ require 'pry'
 
 ARGV << '-h' if ARGV.empty?
 
-data_file = './rpm-to-cve.xml'
+data_file = './data/rpm-to-cve.xml'
 
 options = {}
 
@@ -53,7 +53,7 @@ elsif pkg_name
   cve_pkgs_and_adv = rhel_api_client.cve_pkg_adv(json_response)
   puts JSON.pretty_generate(cve_pkgs_and_adv)
 elsif options[:refresh]
-  rpm_auditer.refresh_rpm_to_cve_file('./rpm-to-cve.xml')
+  rpm_auditer.refresh_rpm_to_cve_file('./data/rpm-to-cve.xml')
 elsif options[:cve]
   cve = options[:cve]
   r = rhel_api_client.cve_id(cve)
diff --git a/security_tools/redhat_tools/update_rpms_to_cve_xml.sh b/security_tools/redhat_tools/update_rpms_to_cve_xml.sh
deleted file mode 100755
index 2c71c67..0000000
--- a/security_tools/redhat_tools/update_rpms_to_cve_xml.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-# refresh the latest rpm to cve xml mapping file from redhat security page
-
-wget -O rpm-to-cve.xml https://www.redhat.com/security/data/metrics/rpm-to-cve.xml