My organisations uses a self signed cert which curl takes issue with. Would be nice to have a way to accept self signed certs

which curl? Theres not enough info here to really be of help

Sorry I meant during this call

To access the https endpoint for my orgs GHE requires using my orgs self signed cert.

So my options are to add -k to your script (not the good option)
Or use your image as a base load in my orgs certs and run update-ca-certs

I guess I'm wondering if there is a better way to get the certs working without having to rebuild the image.

For security sake I wouldn't let all the curl's do insecure mode.

Your best bet is to fork it and add the cert to the chain for this scenario

Unfortunately not every unique case can avoid custom builds