Company
Date Published
Author
Nigel Douglas
Word count
2054
Language
English
Hacker News points
None

Summary

The webinar discussed the importance of securing public Kubernetes Helm charts, which are increasingly adopted by teams without a full understanding of their security risks. The session covered practical techniques for analyzing and scanning Helm charts, including tools such as Trivy and helm-diff, along with proper upgrade strategies and an understanding of runtime behavior.

Maintaining and upgrading Helm charts after installation is essential to keep Kubernetes workloads secure, stable, and compatible with the evolving ecosystem. Regular upgrades should be considered every few weeks for critical applications, or quarterly for lower-risk workloads, while security patches should be applied immediately when relevant. The webinar also emphasized that securing Helm usage depends as much on operators' behavior as on chart design.

Various tools were mentioned for scanning Helm charts, including Trivy, KubeSec, Datree, Pluto, and helm lint. A combination of static analysis and runtime controls is recommended to verify that a Helm chart does not allow or initiate egress calls to unwanted external sources. The official Kubernetes CVE feed provides an auto-refreshing list of known vulnerabilities, while tools such as Cilium with Hubble and Calico with Flow Logs can monitor real network traffic at the pod level. Deploying an API management server is also recommended to safeguard Kubernetes pods, especially for public or partner-facing services where access control and visibility are critical.

The end goal of these sessions is to raise awareness of securing software packages throughout their lifecycle, providing practical education, actionable best practices, and tooling insights that help the community build safer pipelines with confidence.