SOC2 compliant with bubble hosted websites

Does anyone have experience becoming SOC2 compliant and including bubble hosted websites within the scope?

I know that bubble has become SOC2 compliant recently and that’s great! However, if a software development company is becoming SOC2 compliant, it may need to include the bubble apps it makes within it’s scope.

I have done a little research and see a possible challenge for reporting within the bubble ecosystem. In particular reporting when pushing a new change from the main branch to the live environment.

If anyone has ideas or experience I would appreciate it. Thanks!