diff --git a/projects/tensorflow/Dockerfile b/projects/tensorflow/Dockerfile
index 44f7d45e9..58567c402 100644
--- a/projects/tensorflow/Dockerfile
+++ b/projects/tensorflow/Dockerfile
@@ -34,6 +34,10 @@ RUN curl -Lo /usr/bin/bazel \
 && \
 chmod +x /usr/bin/bazel
 
+ENV JAVA_HOME /usr/lib/jvm/java-15-openjdk-amd64
+# it fails after installing java due to jazzer env variables missing
+RUN install_java.sh || true
+
 RUN git clone --depth 1 https://github.com/tensorflow/tensorflow tensorflow
 WORKDIR $SRC/tensorflow
 COPY build.sh $SRC/
diff --git a/projects/tensorflow/build.sh b/projects/tensorflow/build.sh
index b59e4a58b..72dab7e46 100755
--- a/projects/tensorflow/build.sh
+++ b/projects/tensorflow/build.sh
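Review bot: `RUN install_java.sh || true` discards every failure of the installer, not only the jazzer-variable error the comment describes, so a failed or partial JDK install would still produce an image layer that looks healthy. Since `JAVA_HOME` is set on the line above, a follow-up check such as `RUN test -x "$JAVA_HOME/bin/java"` (assuming the script installs to that path) would make the image build fail when the JDK is not actually present. The comment could also name the missing variables, so that the `|| true` can be dropped once they are supplied.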
@@ -45,26 +45,26 @@ then
 fi
 )"
 
+# Ugly hack to get LIB_FUZZING_ENGINE only for fuzz targets
+# and not for other binaries such as protoc
+sed -i -e 's/linkstatic/linkopts = \["-fsanitize=fuzzer"\],\nlinkstatic/' tensorflow/security/fuzzing/tf_fuzzing.bzl
+
 # Determine all fuzz targets. To control what gets fuzzed with OSSFuzz, all
 # supported fuzzers are in `//tensorflow/security/fuzzing`.
 # Ignore fuzzers tagged with `no_oss` in opensource.
-declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))')
+declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))' | grep -v checkpoint_reader_fuzz)
+# checkpoint_reader_fuzz seems out of date with the API
 
 # Build the fuzzer targets.
 # Pass in `--config=libc++` to link against libc++.
 # Pass in `--verbose_failures` so it is easy to debug compile crashes.
 # Pass in `--strip=never` to ensure coverage support.
-# Pass in `$LIB_FUZZING_ENGINE` to `--copt` and `--linkopt` to ensure we have a
-# `main` symbol defined (all these fuzzers build without a `main` and by default
-# `$CFLAGS` and `CXXFLAGS` compile with `-fsanitize=fuzzer-no-link`).
 # Since we have `assert` in fuzzers, make sure `NDEBUG` is not defined
 bazel build \
 --config=libc++ \
 ${EXTRA_FLAGS} \
 --verbose_failures \
 --strip=never \
- --copt=${LIB_FUZZING_ENGINE} \
- --linkopt=${LIB_FUZZING_ENGINE} \
 --copt='-UNDEBUG' \
 -- ${FUZZERS}
 
diff --git a/projects/tensorflow/project.yaml b/projects/tensorflow/project.yaml
index 4cf5d164c..815030239 100644
--- a/projects/tensorflow/project.yaml
+++ b/projects/tensorflow/project.yaml
@@ -6,5 +6,6 @@ auto_ccs:
 sanitizers:
 - address
 - undefined
- - memory
+fuzzing_engines:
+ - libfuzzer
 main_repo: 'https://github.com/tensorflow/tensorflow'
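Review bot: The added `sed -i` on `tf_fuzzing.bzl` exits 0 whether or not `linkstatic` was matched, so an upstream rename would silently leave the fuzz targets without `-fsanitize=fuzzer` now that the `--copt`/`--linkopt` `$LIB_FUZZING_ENGINE` flags are removed. A guard directly after it, e.g. `grep -q -- '-fsanitize=fuzzer' tensorflow/security/fuzzing/tf_fuzzing.bzl || exit 1` (assuming the file does not already contain that string), would turn this into an explicit build failure. The same applies to the new `FUZZERS` line: `declare -r FUZZERS=$(...)` masks the exit status of the `bazel query | grep -v` pipeline, and `grep -v checkpoint_reader_fuzz` is an unanchored substring match that would also drop any future target whose label contains that text. Assigning first and marking read-only afterwards (`FUZZERS=$(...) || exit 1` then `readonly FUZZERS`) would surface a failed or empty query, and the comment on the excluded fuzzer could point at a tracking issue so the lost coverage is not forgotten.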
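Review bot: The file does not record why `fuzzing_engines` is restricted to libfuzzer or why the `memory` sanitizer is dropped. The engine restriction appears to follow from build.sh now hard-coding `-fsanitize=fuzzer` into the link options, so a comment above `fuzzing_engines:` such as `# libfuzzer only: build.sh patches -fsanitize=fuzzer into tf_fuzzing.bzl` would keep that dependency visible. Removing MSan gives up uninitialized-memory detection for these targets, and a one-line comment stating the reason would help whoever later tries to re-enable it.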