Commit

Document the installation of the SonarCloud GitHub app (travis-ci#2070)
* Document the install of the SonarCloud GitHub app

For a couple of months already, there has been no need to use tokens to activate the analysis of PRs. This is done through the SonarCloud GitHub app that needs to be installed.

* Apply feedback
bellingard authored and gitandhub1 committed Jun 5, 2020
1 parent 4fd42e9 commit eb8e75c
Showing 1 changed file with 2 additions and 11 deletions.
13 changes: 2 additions & 11 deletions user/sonarcloud.md
Expand Up @@ -76,23 +76,14 @@ SonarCloud can inspect internal pull requests of your repository and write comme

> For security reasons, this advanced feature works only for **internal** pull requests. In other words, pull requests built from forks won't be inspected.
To activate analysis on pull requests, you need to follow those extra steps:
To activate analysis on pull requests, you need to [install the SonarCloud application](https://github.com/apps/sonarcloud) on your GitHub organization(s).

1. Generate a [personal access token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) for the GitHub user which will be used by SonarCloud to write the comments.
- This GitHub user should not be one of the developers, but rather a technical account which has write access to the repository and which will act as a bot
- The token must have the following scopes:
- "repo:status" and "public_repo" for public repositories
- all of "repo" scope for private repositories
2. Go to the "Administration > General Settings > Pull Requests" page of your project on SonarCloud
- Enter this token in the "GitHub > Authentication token" section

> When specifying the token in SonarCloud, make sure that you click twice on "Save"! To be sure that your token was saved, reload the administration page and make sure that you see a "Change" button on the "Authentication token" section.
Note that if you used SonarCloud before the GitHub application and therefore configured GitHub tokens on your projects, you should now delete those tokens from the "Administration > General Settings > Pull Requests" page of your projects.

## Upcoming improvements

Future versions of this add-on will provide the following features:

- No need to define a third-party GitHub user for pull request analysis. SonarCloud will use its own identity.
- Support for external pull requests.

## Deprecated features
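
Review bot: The added note that closes the pull request section ("you should now delete those tokens from the "Administration > General Settings > Pull Requests" page of your projects") only covers removing the token from SonarCloud and says nothing about the token on the GitHub side. The steps this change removes had users generate a personal access token for a technical account with write access to the repository, with all of the "repo" scope for private repositories, and that token remains valid on GitHub after it is deleted from the SonarCloud settings. Suggest extending the note to tell users to also revoke the personal access token in GitHub and, if the technical account existed only for this purpose, to remove its write access to the repository.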