Saturday 5 November 2016

Capture knowledge when developers look at code

It is vital that when a developer is looking at code, he can create tickets for 'things noticed' without difficulty. For example, 'things noticed' include methods that need refactoring, complex logic, weird code, hard-to-visualize architecture, etc. If this knowledge is not captured, it will be lost.

The developer who notices an issue, and opens a ticket for the issue, will be unable to do anything about it at that moment in time, since he will already be focused on resolving another bug.

Instead, more junior developers, graduate employees or interns could take responsibility for opening and managing these tickets.

They could even try to address the issues in the first instance, because the developer is responsible for merging the PRs.


(from the SecDevOps Risk Workflow book; please provide feedback as a GitHub issue)