[acrcssc] Tasks fail to trigger when DNL is enabled for the container registry #9512
Description
Describe the bug
since ACR's CSSC tasks trigger other tasks (cssc-trigger-workflow -- launches --> cssc-scan-image task, for example) the tasks reference the registry name via Task's provided runtime variable.
In this case seems {{.Run.Registry}} is resolving to the DNL name (<registry resource name>-<unique hash>) instead of just the registry resource name.
Since the DNL registry name contains dashes (-) and it is not the actual ARM resource name, any cli management plane command fails when triggered from the task
Related command
az acr supply-chain workflow
Errors
....
2026/01/09 21:20:01 Launching container with name: scan-and-schedule-patch
Tag Convention details: Configured Tag Convention:
Scheduling cssc-scan-image for /ubuntu-jammy, Tag:20240111, OriginalTag:20240111, PatchTag:20240111-1
ERROR: Registry names may contain only alpha numeric characters and must be between 5 and 50 characters
2026/01/09 21:20:02 Successfully executed container: scan-and-schedule-patch
Issue script & Debug output
same as above
Expected behavior
cssc extension should be able to trigger the necessary task regardless of DNL protection
Environment Summary
az version
{
"azure-cli": "2.79.0",
"azure-cli-core": "2.79.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {
"acrcssc": "1.0.0b5",
"ml": "2.39.0",
"ssh": "2.0.6"
}
}
Additional context
minor side bug: the task step is marked as successful even though the command fails.