Dockerfile for cve-web includes a wget call to archive.apache.org. This is causing an error:

0.888 ERROR: The certificate of 'archive.apache.org' is not trusted.
0.888 ERROR: The certificate of 'archive.apache.org' hasn't got a known issuer.

To get around this, use wget --no-check-certificate https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.3/bin/apache-tomcat-8.5.3.tar.gz instead.