If you want to run unverified software in your own environment, you may want to isolate it from the rest of your system. Some ways to sandbox the executed code is via VMs, containers, or micro VMs such as Firecracker (https://firecracker-microvm.github.io/) used by AWS Lambda.
This way, the crashes, leaks, and security problems of one application won't propagate to the entire system, rendering it either useless or compromised. As each process will have its own sandbox, the worst-case scenario would be the loss of only this one service.
For C and C++ code, there is also Sandboxed API (SAPI; https://github.com/google/sandboxed-api) an open source project led by Google. It allows building sandboxes not for entire processes but for libraries. It is used by Google's own Chrome and Chromium web browsers, among others.
Even though VMs and containers can be a part of the process isolation strategy, don't confuse them with microservices, which...