diff --git a/docs/development.md b/docs/development.md
index ff7acd8ba..00a847839 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -79,7 +79,7 @@ Currently, it is not possible to use a different Kubernetes version from the ver
 
 [Kompose CLI tests](https://github.com/kubernetes/kompose/tree/main/script/test/cmd) run `kompose convert` with compose files, and cross-check the k8s and OpenShift artifacts generated with the template files.
 
-To generate CLI tests, please run `make gen-cmd`.
+
 
 ### CI
 
diff --git a/pkg/transformer/kubernetes/podspec.go b/pkg/transformer/kubernetes/podspec.go
index c09c6d1c9..73392ca75 100644
--- a/pkg/transformer/kubernetes/podspec.go
+++ b/pkg/transformer/kubernetes/podspec.go
@@ -182,7 +182,13 @@ func SecurityContext(name string, service kobject.ServiceConfig) PodSpecOption {
 
 		// update template only if securityContext is not empty
 		if *securityContext != (api.SecurityContext{}) {
-			podSpec.Containers[0].SecurityContext = securityContext
+			// select the correct container to update by name
+			for i := range podSpec.Containers {
+				if podSpec.Containers[i].Name == GetContainerName(service) {
+					podSpec.Containers[i].SecurityContext = securityContext
+				}
+			}
+
 		}
 		if !reflect.DeepEqual(*podSecurityContext, api.PodSecurityContext{}) {
 			podSpec.SecurityContext = podSecurityContext
diff --git a/script/test/cmd/tests.sh b/script/test/cmd/tests.sh
index f982a4108..32a9590a2 100755
--- a/script/test/cmd/tests.sh
+++ b/script/test/cmd/tests.sh
@@ -83,6 +83,10 @@ convert::check_artifacts_generated "kompose -f $KOMPOSE_ROOT/script/test/fixture
 convert::check_artifacts_generated "kompose -f $KOMPOSE_ROOT/script/test/fixtures/pvc-request-size/compose.yaml convert -o $TEMP_DIR/output_dir2/output-k8s.json -j --pvc-request-size=300Mi" "$TEMP_DIR/output_dir2/output-k8s.json"
 convert::check_artifacts_generated "kompose --provider=openshift -f $KOMPOSE_ROOT/script/test/fixtures/pvc-request-size/compose.yaml convert -o $TEMP_DIR/output_dir2/output-os.json -j --pvc-request-size=300Mi" "$TEMP_DIR/output_dir2/output-os.json"
 
+
+
+
+
 ######
 # Test the path of build image
 # Test build v2 absolute compose file
@@ -417,4 +421,10 @@ convert::expect_success "$k8s_cmd" "$k8s_output" || exit 1
 # Test deploy.labels in compose.yaml appears in the output
 k8s_cmd="kompose -f $KOMPOSE_ROOT/script/test/fixtures/deploy/labels/compose.yaml convert --stdout --with-kompose-annotation=false"
 k8s_output="$KOMPOSE_ROOT/script/test/fixtures/deploy/labels/output-k8s.yaml"
-convert::expect_success "$k8s_cmd" "$k8s_output" || exit 1
\ No newline at end of file
+convert::expect_success "$k8s_cmd" "$k8s_output" || exit 1
+
+
+# TEST the security context conversion in service groups
+k8s_cmd="kompose -f $KOMPOSE_ROOT/script/test/fixtures/security-contexts/compose.yaml convert --stdout --with-kompose-annotation=false -service-group-mode label"
+k8s_output="$KOMPOSE_ROOT/script/test/fixtures/security-contexts/output-k8s.yaml"
+convert::expect_success "$k8s_cmd" "$k8s_output" || exit 1
diff --git a/script/test/fixtures/security-contexts/compose.yaml b/script/test/fixtures/security-contexts/compose.yaml
new file mode 100644
index 000000000..335927359
--- /dev/null
+++ b/script/test/fixtures/security-contexts/compose.yaml
@@ -0,0 +1,18 @@
+services:
+  dind:
+    container_name: dind
+    image: docker:28.1.1-dind
+    labels:
+      kompose.service.group: cup
+    ports:
+      - 2375:2375
+    privileged: True
+  cup:
+    container_name: cup
+    depends_on:
+      - dind
+    image: ghcr.io/sergi0g/cup:v3.4.0
+    labels:
+      kompose.service.group: cup
+    ports:
+      - 8000:8000
\ No newline at end of file
diff --git a/script/test/fixtures/security-contexts/output-k8s.yaml b/script/test/fixtures/security-contexts/output-k8s.yaml
new file mode 100644
index 000000000..027520552
--- /dev/null
+++ b/script/test/fixtures/security-contexts/output-k8s.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: cup
+  name: cup
+spec:
+  ports:
+    - name: "8000"
+      port: 8000
+      targetPort: 8000
+  selector:
+    io.kompose.service: cup
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: cup
+  name: dind
+spec:
+  ports:
+    - name: "2375"
+      port: 2375
+      targetPort: 2375
+  selector:
+    io.kompose.service: cup
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: cup
+  name: cup
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: cup
+  template:
+    metadata:
+      labels:
+        io.kompose.service: cup
+    spec:
+      containers:
+        - image: ghcr.io/sergi0g/cup:v3.4.0
+          name: cup
+          ports:
+            - containerPort: 8000
+              protocol: TCP
+          securityContext:
+            privileged: true
+        - image: docker:28.1.1-dind
+          name: dind
+          ports:
+            - containerPort: 2375
+              protocol: TCP
+      restartPolicy: Always---