Company:
Date Published:
Author: Gareth Rushgrove
Word count: 881
Language: English
Hacker News points: None

Summary

Third-party applications in Kubernetes environments raise security concerns: they have access to production data and can introduce vulnerabilities. How these apps are packaged and installed, using tools like Helm or CNAB, can also affect security. Third-party applications fall into two classes: standalone apps that provide specific value, and direct dependencies of first-party applications. Addressing the issue depends on automation and pipeline design that validate and test third-party content earlier in the development process. This requires local tools to sanity-check bundles, CI/CD pipelines for quick setup, streamlined pipelines for external images, and standards for sharing trusted vulnerability data.