Dead code : unused method/field finding in source code for private methods or fields being used in the class

Hi,

While scanning our project repo using Fortify tool, we received findings such as 

  • Dead Code :  Unused field
  • Dead Code : Unused method

On auditing, these findings were found as false positive as these methods/fields are actually used in the public class which is referenced from outside.

Specificallly Dead code Unused mehtods are found for certain extension methods and some asyc methods.like below:

private static IApplicationBuilder BuildSomeChain(this IApplicationBuilder app)
        {
            return app.UseMiddleware<SomeMiddleware>()
                .UseMiddleware<SomeMiddleware2>();
        }

used in code like below from Startup class:

endpoints.CreateApplicationBuilder()
                .BuildSomeService()

For dead code: unused fields, findings are for code like below:

private const string constant1 = 
            "message1";
            

private static readonly string config1 = configReader.Configuration.GetSection("Configuration1").Value;

What can be the reason for these false positives from the scan?

Can we improve something in the scan to reduce these finding for our other projects?

Thanks for the help in advance!