Weird operations on CA certificates in the container

I’m running Discourse 2.7.0.beta3 using discourse_docker, and I also have some monitoring done using ThreatStack, which has detected some weird operations being done on some temporary ca-certificates.crt files:

And I would like to understand why this is happening. Should I be worried security-wise? Or is it just part of normal operations for Discourse?

You can audit the source code of the image and control scripts on the repository.

Closing as probable false positive. Flag to reopen if you find anything actionable.