Revoking SonarCloud API tokens

Hi @tbrownSpecialized ,

we may even have folks that created a token and left the company, not sure if that token still has permissions.

SC tokens are associated with users. So, if these users are not members of your organization or have no permission to execute analysis, these tokens don’t work (token → user → permissions).
Please have a look at this answer.

Does execute permission affect the user’s ability to perform scans, or only their token?

As explained above, it affects the user’s ability, not only tokens (token = user).

If we remove SonarCloud’s permission to GitHub and re-add it, will it invalidate the tokens?

No, it won’t.

Are we sure removing that access will remove the ability for CI to run properly?

Yes. If users try to analyze a project with their token without the execute analysis permission, they will get an error like: "Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator."
