@govuk-pay/cli 0.0.7 → 0.0.9

package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/toolbox.yaml

@@ -0,0 +1,473 @@
+version: '2.1'
+
+services:
+  
+    adminusers_db:
+      image: postgres:11.1
+      environment:
+        - POSTGRES_PASSWORD=mysecretpassword
+      mem_limit: 250M
+      logging:
+        driver: "json-file"
+      container_name: adminusers_db
+      healthcheck:
+        test: ["CMD-SHELL", "pg_isready"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+      volumes:
+        - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+      ports:
+        - "19700:5432"
+  
+    connector_db:
+      image: postgres:11.1
+      environment:
+        - POSTGRES_PASSWORD=mysecretpassword
+      mem_limit: 250M
+      logging:
+        driver: "json-file"
+      container_name: connector_db
+      healthcheck:
+        test: ["CMD-SHELL", "pg_isready"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+      volumes:
+        - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+      ports:
+        - "19300:5432"
+  
+    publicauth_db:
+      image: postgres:11.1
+      environment:
+        - POSTGRES_PASSWORD=mysecretpassword
+      mem_limit: 250M
+      logging:
+        driver: "json-file"
+      container_name: publicauth_db
+      healthcheck:
+        test: ["CMD-SHELL", "pg_isready"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+      volumes:
+        - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+      ports:
+        - "19600:5432"
+  
+    products_db:
+      image: postgres:11.1
+      environment:
+        - POSTGRES_PASSWORD=mysecretpassword
+      mem_limit: 250M
+      logging:
+        driver: "json-file"
+      container_name: products_db
+      healthcheck:
+        test: ["CMD-SHELL", "pg_isready"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+      volumes:
+        - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+      ports:
+        - "19800:5432"
+  
+    ledger_db:
+      image: postgres:11.1
+      environment:
+        - POSTGRES_PASSWORD=mysecretpassword
+      mem_limit: 250M
+      logging:
+        driver: "json-file"
+      container_name: ledger_db
+      healthcheck:
+        test: ["CMD-SHELL", "pg_isready"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+      volumes:
+        - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+      ports:
+        - "20700:5432"
+  
+    webhooks_db:
+      image: postgres:11.1
+      environment:
+        - POSTGRES_PASSWORD=mysecretpassword
+      mem_limit: 250M
+      logging:
+        driver: "json-file"
+      container_name: webhooks_db
+      healthcheck:
+        test: ["CMD-SHELL", "pg_isready"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+      volumes:
+        - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+      ports:
+        - "20800:5432"
+  
+  
+  
+    adminusers:
+      image: governmentdigitalservice/pay-adminusers:local
+      
+      depends_on:
+        adminusers_db:
+          condition: service_healthy
+      
+      env_file:
+        - services/java_app.env
+        - services/adminusers.env
+      environment:
+        - RUN_MIGRATION=true
+        - RUN_APP=true
+        - PORT=9700
+        - DISABLE_INTERNAL_HTTPS=true
+        
+        - DB_HOST=adminusers_db
+        - DB_USER=adminusers
+        - DB_PASSWORD=mysecretpassword
+        - DB_SSL_OPTION=ssl=none
+        
+
+        
+
+        
+
+        
+
+        - ADMINUSERS_URL=http://adminusers:9700
+        - CONNECTOR_URL=http://connector:9300
+        - PUBLICAUTH_URL=http://publicauth:9600
+        - PRODUCTS_URL=http://products:18000
+        - LEDGER_URL=http://ledger:10700
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+      working_dir: '/app'
+      mem_limit: 2G
+      user: root
+      logging:
+        driver: "json-file"
+      ports:
+          - "9700:9700"
+          
+      container_name: adminusers
+  
+    connector:
+      image: governmentdigitalservice/pay-connector:local
+      
+      depends_on:
+        connector_db:
+          condition: service_healthy
+      
+      env_file:
+        - services/java_app.env
+        - services/connector.env
+      environment:
+        - RUN_MIGRATION=true
+        - RUN_APP=true
+        - PORT=9300
+        - DISABLE_INTERNAL_HTTPS=true
+        
+        - DB_HOST=connector_db
+        - DB_USER=connector
+        - DB_PASSWORD=mysecretpassword
+        - DB_SSL_OPTION=ssl=none
+        
+
+        
+        - AWS_ACCESS_KEY=mockAccessKey
+        - AWS_SECRET_ACCESS_KEY=mockSecretAccessKey
+        
+
+        
+        - AWS_SQS_REGION=eu-west-1
+        - AWS_SQS_MESSAGE_MAXIMUM_WAIT_TIME_IN_SECONDS=20
+        - AWS_SQS_NON_STANDARD_SERVICE_ENDPOINT=true
+        - AWS_SQS_ENDPOINT=http://localstack:4566
+        - AWS_SQS_CAPTURE_QUEUE_URL=http://localstack:4566/000000000000/pay_capture_queue
+        - AWS_SQS_PAYMENT_EVENT_QUEUE_URL=http://localstack:4566/000000000000/pay_event_queue
+        - AWS_SQS_PAYOUT_RECONCILE_QUEUE_URL=http://localstack:4566/000000000000/payout_reconcile_queue
+        - AWS_SQS_CONNECTOR_TASKS_QUEUE_URL=http://localstack:4566/000000000000/connector_tasks_queue
+        
+
+        
+
+        - ADMINUSERS_URL=http://adminusers:9700
+        - CONNECTOR_URL=http://connector:9300
+        - PUBLICAUTH_URL=http://publicauth:9600
+        - PRODUCTS_URL=http://products:18000
+        - LEDGER_URL=http://ledger:10700
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+      working_dir: '/app'
+      mem_limit: 2G
+      user: root
+      logging:
+        driver: "json-file"
+      ports:
+          - "9300:9300"
+          - "9301:9301"
+      container_name: connector
+  
+    publicauth:
+      image: governmentdigitalservice/pay-publicauth:local
+      
+      depends_on:
+        publicauth_db:
+          condition: service_healthy
+      
+      env_file:
+        - services/java_app.env
+        - services/publicauth.env
+      environment:
+        - RUN_MIGRATION=true
+        - RUN_APP=true
+        - PORT=9600
+        - DISABLE_INTERNAL_HTTPS=true
+        
+        - DB_HOST=publicauth_db
+        - DB_USER=publicauth
+        - DB_PASSWORD=mysecretpassword
+        - DB_SSL_OPTION=ssl=none
+        
+
+        
+
+        
+
+        
+
+        - ADMINUSERS_URL=http://adminusers:9700
+        - CONNECTOR_URL=http://connector:9300
+        - PUBLICAUTH_URL=http://publicauth:9600
+        - PRODUCTS_URL=http://products:18000
+        - LEDGER_URL=http://ledger:10700
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+      working_dir: '/app'
+      mem_limit: 2G
+      user: root
+      logging:
+        driver: "json-file"
+      ports:
+          - "9600:9600"
+          
+      container_name: publicauth
+  
+    products:
+      image: governmentdigitalservice/pay-products:local
+      
+      depends_on:
+        products_db:
+          condition: service_healthy
+      
+      env_file:
+        - services/java_app.env
+        - services/products.env
+      environment:
+        - RUN_MIGRATION=true
+        - RUN_APP=true
+        - PORT=18000
+        - DISABLE_INTERNAL_HTTPS=true
+        
+        - DB_HOST=products_db
+        - DB_USER=products
+        - DB_PASSWORD=mysecretpassword
+        - DB_SSL_OPTION=ssl=none
+        
+
+        
+
+        
+
+        
+
+        - ADMINUSERS_URL=http://adminusers:9700
+        - CONNECTOR_URL=http://connector:9300
+        - PUBLICAUTH_URL=http://publicauth:9600
+        - PRODUCTS_URL=http://products:18000
+        - LEDGER_URL=http://ledger:10700
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+      working_dir: '/app'
+      mem_limit: 2G
+      user: root
+      logging:
+        driver: "json-file"
+      ports:
+          - "18000:18000"
+          
+      container_name: products
+  
+    ledger:
+      image: governmentdigitalservice/pay-ledger:local
+      
+      depends_on:
+        ledger_db:
+          condition: service_healthy
+      
+      env_file:
+        - services/java_app.env
+        - services/ledger.env
+      environment:
+        - RUN_MIGRATION=true
+        - RUN_APP=true
+        - PORT=10700
+        - DISABLE_INTERNAL_HTTPS=true
+        
+        - DB_HOST=ledger_db
+        - DB_USER=ledger
+        - DB_PASSWORD=mysecretpassword
+        - DB_SSL_OPTION=ssl=none
+        
+
+        
+        - AWS_ACCESS_KEY=mockAccessKey
+        - AWS_SECRET_ACCESS_KEY=mockSecretAccessKey
+        
+
+        
+        - AWS_SQS_REGION=eu-west-1
+        - AWS_SQS_MESSAGE_MAXIMUM_WAIT_TIME_IN_SECONDS=20
+        - AWS_SQS_NON_STANDARD_SERVICE_ENDPOINT=true
+        - AWS_SQS_ENDPOINT=http://localstack:4566
+        - AWS_SQS_PAYMENT_EVENT_QUEUE_URL=http://localstack:4566/000000000000/pay_event_queue
+        
+
+        
+        - AWS_SNS_NON_STANDARD_SERVICE_ENDPOINT=true
+        - AWS_SNS_ENDPOINT=http://localstack:4566
+        - AWS_SNS_REGION=eu-west-1
+        - SNS_TOPIC_CARD_PAYMENT_EVENTS_ARN=arn:aws:sns:eu-west-1:000000000000:card-payment-events-topic
+        - SNS_TOPIC_CARD_PAYMENT_DISPUTE_EVENTS_ARN=arn:aws:sns:eu-west-1:000000000000:card-payment-dispute-events-topic
+        
+
+        - ADMINUSERS_URL=http://adminusers:9700
+        - CONNECTOR_URL=http://connector:9300
+        - PUBLICAUTH_URL=http://publicauth:9600
+        - PRODUCTS_URL=http://products:18000
+        - LEDGER_URL=http://ledger:10700
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+        - SNS_ENABLED=true
+        - PUBLISH_CARD_PAYMENT_EVENTS_TO_SNS=true
+        - PUBLISH_CARD_PAYMENT_DISPUTE_EVENTS_TO_SNS=true
+      working_dir: '/app'
+      mem_limit: 2G
+      user: root
+      logging:
+        driver: "json-file"
+      ports:
+          - "10700:10700"
+          
+      container_name: ledger
+  
+    webhooks:
+      image: governmentdigitalservice/pay-webhooks:local
+      
+      depends_on:
+        webhooks_db:
+          condition: service_healthy
+      
+      env_file:
+        - services/java_app.env
+        - services/webhooks.env
+      environment:
+        - RUN_MIGRATION=true
+        - RUN_APP=true
+        - PORT=10800
+        - DISABLE_INTERNAL_HTTPS=true
+        
+        - DB_HOST=webhooks_db
+        - DB_USER=webhooks
+        - DB_PASSWORD=mysecretpassword
+        - DB_SSL_OPTION=ssl=none
+        
+
+        
+        - AWS_ACCESS_KEY=mockAccessKey
+        - AWS_SECRET_ACCESS_KEY=mockSecretAccessKey
+        
+
+        
+        - AWS_SQS_REGION=eu-west-1
+        - AWS_SQS_MESSAGE_MAXIMUM_WAIT_TIME_IN_SECONDS=20
+        - AWS_SQS_NON_STANDARD_SERVICE_ENDPOINT=true
+        - AWS_SQS_ENDPOINT=http://localstack:4566
+        - AWS_SQS_PAYMENT_EVENT_QUEUE_URL=http://localstack:4566/000000000000/webhooks-events-subscriber-queue
+        
+
+        
+
+        - ADMINUSERS_URL=http://adminusers:9700
+        - CONNECTOR_URL=http://connector:9300
+        - PUBLICAUTH_URL=http://publicauth:9600
+        - PRODUCTS_URL=http://products:18000
+        - LEDGER_URL=http://ledger:10700
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+      working_dir: '/app'
+      mem_limit: 2G
+      user: root
+      logging:
+        driver: "json-file"
+      ports:
+          - "10800:10800"
+          
+      container_name: webhooks
+  
+  
+  
+    toolbox:
+      image: node:16.20.0-alpine3.17
+      
+      env_file: services/toolbox.env
+      environment:
+        - SECURE_COOKIE_OFF=true
+        - RUN_APP=true
+        - DISABLE_APPMETRICS=true
+        - DISABLE_INTERNAL_HTTPS=true
+        - PORT=3040
+
+        - ADMINUSERS_URL=http://adminusers:9700
+
+        - CONNECTOR_URL=http://connector:9300
+
+        - PUBLIC_AUTH_URL=http://publicauth:9600
+
+        - PRODUCTS_URL=http://products:18000
+
+        - LEDGER_URL=http://ledger:10700
+
+        - WEBHOOKS_URL=http://webhooks:10800
+        - TOOLBOX_URL=http://localhost:3040
+      volumes:
+        - "$WORKSPACE/pay-toolbox:/app"
+      mem_limit: 1G
+      working_dir: '/app'
+      entrypoint: sh -c "npm run build:copy && npm --inspect=0.0.0.0:3041 start"
+      ports:
+        - "3040:3040"
+        - "3041:3041"
+      logging:
+        driver: "json-file"
+      container_name: toolbox
+  
+  
+  
+    localstack:
+      image: localstack/localstack:3
+      container_name: localstack
+      environment:
+        - EAGER_SERVICE_LOADING=1
+        - SERVICES=sns,sqs
+      ports:
+        - "4566:4566" # All AWS services exposed on this port
+      volumes:
+        - /Users/jonathan.harden/gitdevel/github.com/alphagov/pay-infra/cli/lib/pay_cli/commands/local/files/localstack/init-aws.sh:/etc/localstack/init/ready.d/init-aws.sh
+  

package/resources/legacy-ruby-cli/lib/pay_cli/commands/local.rb

@@ -14,6 +14,7 @@ require 'pathname'
 REQUIRES_COMPILATION = %w[frontend products-ui selfservice toolbox].freeze
 
 class PayCLI::Commands::Local < Thor
+  warn "🏠  Local Pay for local people\n\n"
   map "up" => :launch
   desc 'launch | up [--cluster <cluster>] [--local <app>] [--proxy] [--apps] [--rebuild]',
        'Launch a predefined cluster, or a user specified list of apps.' \
@@ -171,7 +172,7 @@ class PayCLI::Commands::Local < Thor
   def user
     warn '🏗️🏗  Constructing useful things for you...'
     gateway_account_ids = []
-
+  
     service = AppClient::create_service()
     service_id = service.fetch('external_id')
 
@@ -189,7 +190,7 @@ class PayCLI::Commands::Local < Thor
         end
       end
     end
-
+ 
     warn '🤓  Creating admin user for service'
     user = AppClient::create_user(gateway_account_ids: gateway_account_ids)
     warn '😎  Creating read only user for service'

package/resources/legacy-ruby-cli/rds_access/connect.sh

@@ -41,6 +41,7 @@ do
 done
 
 ACCOUNT="${ENVIRONMENT%%-*}"
+PAY_ENV_NAME=$(sed -E 's/-[0-9]+$//' <<<"$ENVIRONMENT")
 KEY_LOCATION="${TMPDIR}rds_tunnel_temp_key"
 
 function cleanup() {
@@ -54,6 +55,22 @@ function cleanup() {
 
 trap cleanup EXIT
 
+PROMPT_TEXT="Do you require read-only access, or write-access to the database? [R/w]: "
+read -r -p "$PROMPT_TEXT" READONLY_INPUT
+while [ "$READONLY_INPUT" != "R" ] && [ "$READONLY_INPUT" != "r" ] && [ "$READONLY_INPUT" != "W" ] && [ "$READONLY_INPUT" != "w" ] && [ "$READONLY_INPUT" != "" ]; do
+  echo
+  read -r -p "$PROMPT_TEXT" READONLY_INPUT
+done
+echo
+
+if [ "$READONLY_INPUT" == "w" ] || [ "$READONLY_INPUT" == "W" ]; then
+  echo "Database write access requested"
+  READONLY=0
+else
+  echo "Database read-only access requested"
+  READONLY=1
+fi
+
 echo "Finding bastion host"
 read -r bastion_instance_id availability_zone <<< "$(aws-vault exec "$ACCOUNT" -- \
   aws autoscaling describe-auto-scaling-groups | \
@@ -132,18 +149,27 @@ if ! aws-vault exec "$ACCOUNT" -- \
 fi
 
 SOURCE_DIRECTORY=$(dirname "$BASH_SOURCE")
-DB_USER=$(yq eval ".value.$ENVIRONMENT.$APP.DB_USER" < "${SOURCE_DIRECTORY}/../config/secrets.yml")
+
+if [ "$READONLY" -eq 1 ]; then
+  DB_USER=$(yq eval ".value.$ENVIRONMENT.$APP.DB_SUPPORT_USER_READONLY" < "${SOURCE_DIRECTORY}/../config/secrets.yml")
+  DB_USER_SECRET_NAME="aws/rds/support_readonly_users/${PAY_ENV_NAME}/${DB_USER}" # pragma: allowlist secret
+  PAY_SECRETS_PASSWORD_NAME="DB_SUPPORT_PASSWORD_READONLY" # pragma: allowlist secret
+else
+  DB_USER=$(yq eval ".value.$ENVIRONMENT.$APP.DB_USER" < "${SOURCE_DIRECTORY}/../config/secrets.yml")
+  DB_USER_SECRET_NAME="aws/rds/application_users/${ACCOUNT}/${DB_USER}" # pragma: allowlist secret
+  PAY_SECRETS_PASSWORD_NAME="DB_PASSWORD" # pragma: allowlist secret
+fi
 
 echo -e "Connected tunnel to $APP RDS database in $ENVIRONMENT on port 65432\n"
 echo "Copy DB credentials to clipboard (in another window) using pay-low-pass:"
-echo -e "  pay-low-pass aws/rds/application_users/$ACCOUNT/$DB_USER | pbcopy\n"
+echo -e "  pay-low-pass $DB_USER_SECRET_NAME | pbcopy\n" # pragma: allowlist secret
 echo "Alternatively, fetch credentials from pay secrets:"
-echo -e "  pay secrets fetch $ENVIRONMENT $APP DB_PASSWORD | pbcopy\n"
+echo -e "  pay secrets fetch $ENVIRONMENT $APP $PAY_SECRETS_PASSWORD_NAME | pbcopy\n"  # pragma: allowlist secret
 echo "Open psql with:"
 echo -e "  psql -h localhost -p 65432 -U $DB_USER -d $APP\n"
 echo "Alternatively connect using docker instead of needing psql installed locally and set the password automatically using pay-low-pass:"
 echo -e "   docker run --rm -ti postgres:${engine_version}-alpine psql --host docker.for.mac.localhost --port 65432 --user $DB_USER --dbname $APP\n"
 echo "Or even more conveniently connect using a docker container and set the password automatically using pay-low-pass:"
-echo -e "   docker run -e \"PGPASSWORD=\$(pay-low-pass aws/rds/application_users/${ACCOUNT}/${DB_USER})\" --rm -ti postgres:${engine_version}-alpine psql --host docker.for.mac.localhost --port 65432 --user $DB_USER --dbname $APP\n"
+echo -e "   docker run -e \"PGPASSWORD=\$(pay-low-pass ${DB_USER_SECRET_NAME})\" --rm -ti postgres:${engine_version}-alpine psql --host docker.for.mac.localhost --port 65432 --user $DB_USER --dbname $APP\n"
 read -rsn1 -p "Press any key to close session."; echo
 ssh -O exit -S temp-ssh.sock '*'

package/resources/legacy-ruby-cli/vulnerability_scan/generate_vulnerability_report.js

@@ -1,91 +1,88 @@
 const fs = require('fs')
 const path = require('path')
+const stringify = require('csv-stringify/sync').stringify
 
-const INPUT_PATH = `${path.dirname(__filename)}/reports`
-const OUTPUT_PATH = `${path.dirname(__filename)}/reports`
-const HEADERS = ["App name", "Release", "Vulnerability", "Severity", "Package", "Fixed version"]
+const INPUT_PATH = `${path.resolve(path.dirname(__filename))}/reports`
+const OUTPUT_PATH = `${path.resolve(path.dirname(__filename))}/reports`
+
+const HEADERS = ["App name", "Release", "Vulnerability", "Severity", "Status", "Package", "Fixed version"]
 const NODE_MAJOR_VERSION = process.versions.node.split('.')[0];
 
 if (NODE_MAJOR_VERSION < 16) {
   console.warn('⛔️ requires >= Node 16')
+  process.exit(1)
 } else {
   generate()
 }
 
 function generate() {
-  const jsonData = []
   const date = new Date().toJSON().slice(0, 10);
   const jsonFiles = fs.readdirSync(INPUT_PATH).filter(file => path.extname(file) === '.json')
   const reportFilePath = `${OUTPUT_PATH}/vulnerability_scan_report-${date}.csv`
+  const violatedRules = new Map()
   let parseCount = 0
   let rowCount = 0
   try {
     jsonFiles.forEach(file => {
-      const appAndRelease = extractAppAndRelease(file)
+      const appInfo = extractAppAndReleaseFromFilename(file)
       const filePath = path.join(INPUT_PATH, file)
       const data = fs.readFileSync(filePath, 'utf8')
       const parsedData = JSON.parse(data)
-      const cveObjects = extractCVEObjects(parsedData["runs"][0]["results"], appAndRelease)
-      jsonData.push({
-        "CVEs": cveObjects
-      })
-    })
 
-    fs.writeFileSync(reportFilePath, HEADERS.join(',') + '\n')
+      const appViolations = [];
+      violatedRules.set(`${appInfo.name}:${appInfo.release}`, appViolations)
 
-    jsonData.forEach(data => {
-      data["CVEs"].forEach(cve => {
-        const row = HEADERS.map(key => cve[key]).join(',')
-        fs.appendFileSync(reportFilePath, row + '\n')
+      parsedData["runs"][0]["tool"]["driver"]["rules"].forEach(
+        (violatedRule) => appViolations.push({
+          "App name": appInfo.name,
+          "Release": appInfo.release,
+          "Vulnerability": violatedRule.id,
+          "Severity": violatedRule.properties.cvssV3_severity,
+          "Status": "",
+          "Package": violatedRule.properties.purls.join("\n"),
+          "Fixed version": violatedRule.properties.fixed_version,
+        })
+      )
+
+      parseCount++
+    })
+  } catch (err) {
+    console.error(`Error: Failed parsing source json after successfully parsing ${parseCount} of ${jsonFiles.length} source files: `, err)
+    process.exit(1)
+  }
+
+  const csv_rows = [HEADERS];
+  try {
+    violatedRules.forEach((violations) => {
+      violations.forEach((violation) => {
+        const row = HEADERS.map(key => violation[key])
+        csv_rows.push(row)
         rowCount++
       })
-      parseCount++
     })
   } catch (err) {
-    console.error("ERROR:", err.message)
-  } finally {
-    console.log(`Parsed ${parseCount} of ${jsonFiles.length} JSON files, wrote ${rowCount} row(s) to ${reportFilePath}`)
+    console.error("Error collating results for writing to CSV: ", err)
+    process.exit(1)
+  }
+
+  try {
+    fs.writeFileSync(reportFilePath, stringify(csv_rows))
+  } catch (err) {
+    console.error("Error writing CSV file: ", err.message)
+    process.exit(1)
   }
-}
 
+  console.log(`Parsed ${parseCount} of ${jsonFiles.length} JSON files, wrote ${rowCount} row(s) to ${reportFilePath}`)
+}
 
-function extractAppAndRelease(inputString) {
+function extractAppAndReleaseFromFilename(fileName) {
   const regex = /^.*?(?=-\d+)/ // matches any characters at the beginning of the string that are followed by a dash and one or more digits
-  const match = inputString.match(regex)
+  const match = fileName.match(regex)
   if (match && match[0]) {
-    const release = inputString.replace(`${match[0]}-`, "").replace(".json", "")
-    return [match[0], release]
+    const release = fileName.replace(`${match[0]}-`, "").replace(".json", "")
+    return { name: match[0], release }
   } else {
-    const fallback = inputString.replace(".json", "")
-    return [fallback, fallback] // fallback option
+    const fallback = fileName.replace(".json", "")
+    return { name: fallback, release: fallback}
   }
 }
-
-function extractCVEObjects(results, appAndRelease) {
-  let cveObjects = []
-  results.forEach(result => {
-    const stringArr = result["message"]["text"].split("\n").reduce((stringArr, string) => {
-      if (string !== "") {
-        stringArr.push(string
-          .split(", ")
-          .join(" ")
-          .trim()
-        )
-      }
-      return stringArr
-    }, [])
-    stringArr.push(`App name: ${appAndRelease[0]}`)
-    stringArr.push(`Release: ${appAndRelease[1]}`)
-    cveObjects.push(convertStringArrayToCVEObj(stringArr))
-  })
-  return cveObjects
-}
-
-function convertStringArrayToCVEObj(stringArr) {
-  const cveObj = {}
-  stringArr.forEach(s => {
-    const parts = s.split(':');
-    cveObj[parts[0].trim()] = parts[1].trim()
-  })
-  return cveObj
-}