diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000000..bdb0378ebc
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,4 @@
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:14b332de0e18683f37386eaedbf735bc6e8d81f9c0e1138d620f2178e20cd30a
+COPY . $SRC/systemd
+WORKDIR $SRC/systemd
+COPY tools/oss-fuzz.sh $SRC/build.sh
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a23d6374c1..c6d66e1031 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,3 +12,8 @@ updates:
 schedule:
 interval: "monthly"
 open-pull-requests-limit: 2
+ - package-ecosystem: "docker"
+ directory: "/.clusterfuzzlite"
+ schedule:
+ interval: "monthly"
+ open-pull-requests-limit: 2
diff --git a/.github/workflows/cflite_build.yml b/.github/workflows/cflite_build.yml
new file mode 100644
index 0000000000..cfb3721a0e
--- /dev/null
+++ b/.github/workflows/cflite_build.yml
@@ -0,0 +1,31 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+name: ClusterFuzzLite continuous builds
+on:
+ push:
+ branches:
+ - main
+ - v[0-9]+-stable
+
+permissions: read-all
+
+jobs:
+ Build:
+ runs-on: ubuntu-latest
+ if: github.repository != 'systemd/systemd'
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@41dccd0566905e2a7d1724e7883edbfa66d78877
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ upload-build: true
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 0000000000..3fe2bac618
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
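Review bot: The `FROM` line pins base-builder by digest with no tag or comment, so a reader cannot tell which image build it is or how the pin gets refreshed. A comment above it such as `# Pinned by digest; bumped monthly by Dependabot ("docker" entry in .github/dependabot.yml).` would tie it to the update path this same commit adds. Separately, `COPY . $SRC/systemd` sends the whole build context into the image and the diff adds no `.dockerignore`, so untracked files in a local checkout (build output, local credentials) would be copied too; worth confirming that is acceptable for builds run outside CI.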
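Review bot: `permissions: read-all` at the top of cflite_build.yml (and again in cflite_pr.yml) gives the token read access to every scope, which is likely broader than these jobs need. Listing the scopes explicitly, for example `permissions:` / `contents: read` / `actions: read`, keeps the token minimal for jobs that build and, in the PR workflow, execute pull-request code. Which scopes the two ClusterFuzzLite actions actually require is not visible in this diff, so confirm against their documentation before narrowing.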
@@ -0,0 +1,39 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+name: ClusterFuzzLite PR fuzzing
+on:
+ pull_request:
+ branches:
+ - main
+ - v[0-9]+-stable
+
+permissions: read-all
+
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]'
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@41dccd0566905e2a7d1724e7883edbfa66d78877
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@41dccd0566905e2a7d1724e7883edbfa66d78877
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 1200
+ mode: 'code-change'
+ sanitizer: ${{ matrix.sanitizer }}
diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh
index 1d7412a81b..f227eb0e85 100755
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@@ -80,7 +80,7 @@ rm -rf "$hosts"
 # The seed corpus is a separate flat archive for each fuzzer,
 # with a fixed name ${fuzzer}_seed_corpus.zip.
-for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do
+for d in test/fuzz/fuzz-*; do
 zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d"
 done
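Review bot: The `if:` on the `PR` job has no comment, and its intent is not obvious from the expression: in systemd/systemd the job runs only for pull requests opened by `dependabot[bot]`, while in any other repository it runs for every pull request. A comment above it such as `# Upstream: only Dependabot PRs (base image / action bumps); forks: every PR.` would record that; the parenthesised reason is inferred, so adjust it if the motive differs. The same applies to `if: github.repository != 'systemd/systemd'` in cflite_build.yml.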
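Review bot: The seed-corpus loop now resolves `test/fuzz/fuzz-*` against the current working directory instead of the script's own location, so it only works when the script is started from the source root. That holds for the new Dockerfile (`WORKDIR $SRC/systemd`, script copied to `$SRC/build.sh`), but nothing in the hunk states it, and if the glob matches nothing the literal pattern is handed to `zip`. A comment such as `# Relative to the source root: this script also runs as $SRC/build.sh, so $0 cannot locate the tree.` would record the assumption, and `[ -d test/fuzz ] || exit 1` before the loop would make a wrong directory fail early. Whether the script changes directory or sets glob options earlier is outside the hunk.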